Wireshark is used to trace the communication between devices interconnected by a LAN. The devices (e.g. a PBX connected with a GSM gateway via LAN) send each other packets, which Wireshark captures. Wireshark is distributed under an open-source licence (http://www.wireshark.org/download.html).
In order to capture all the packets sent via a particular LAN, the devices have to be part of the same segment (they have to be connected via a hub). If you do not have a hub, you can use a switch that supports so-called port mirroring (http://en.wikipedia.org/wiki/Port_mirroring).
- Here is the required scheme:
- Installation: Download the program and appropriate installer (e.g. Windows installer).
- Wireshark is then initiated:
- Start capturing: "Capture->Start" or use icon #1
- End capturing: "Capture->Stop" or use icon #2
- Restart capturing with deletion of previously captured packets: "Capture->Restart" or use icon #3
- Save results: "File->Save As->Wireshark/tcpdump/… -libpcap(*.pcap;*.cap)"
- Open previously saved trace: "File->Open"

Basics of filter application:
- I want to filter the packets according to the source IP, e.g.: ip.src_host=="192.168.5.7"
- I want to filter the packets according to the destination IP, e.g.: ip.dst_host=="192.168.5.7"
- Protocol type: tcp, udp, sip, …
- The terms can be combined via logical expressions: and, or, not, …
- Applying a filter – Apply, Deleting a filter – Clear
- Example of captured communication:
- Example of captured communication after applying a filter:
Important: In order to provide us with detailed information about a possible problem with the device, please do not apply any filter and simply capture all the communication during the test call. Save it via Save as>Wireshark/tcpdump/… -libpcap(*.pcap;*.cap) and send it to us.
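As an added illustration (not part of the original guide and not Wireshark's own code), the Python example below reads a capture saved in the libpcap format and applies the same source, destination and protocol conditions as the display filters above, combined with "and". The capture bytes and the peer address 192.168.5.9 are constructed sample data, and only microsecond-resolution Ethernet libpcap captures are handled.

```python
import struct

PROTOS = {1: "icmp", 6: "tcp", 17: "udp"}  # IPv4 protocol numbers

def build_sample_pcap():
    """Constructed capture: three Ethernet/IPv4 packets in classic libpcap format."""
    def packet(src, dst, proto):
        eth = bytes(12) + b"\x08\x00"  # zeroed MAC addresses, EtherType IPv4
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                         bytes(src), bytes(dst))
        return eth + ip + bytes(8)  # 8 zero bytes stand in for the L4 header
    a, b = (192, 168, 5, 7), (192, 168, 5, 9)  # .9 is a made-up peer address
    packets = [packet(a, b, 17), packet(b, a, 17), packet(a, b, 6)]
    # Global header: magic, version 2.4, zone, sigfigs, snaplen, linktype 1 (Ethernet)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, p in enumerate(packets):
        out += struct.pack("<IIII", i, 0, len(p), len(p)) + p  # record header
    return out

def read_ipv4(pcap):
    """Yield (src, dst, protocol) for every Ethernet/IPv4 packet in the capture."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("unsupported format (only microsecond libpcap is handled)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated or not IPv4 (e.g. ARP, VLAN-tagged frames)
        ip = frame[14:]
        src = ".".join(map(str, ip[12:16]))
        dst = ".".join(map(str, ip[16:20]))
        yield src, dst, PROTOS.get(ip[9], str(ip[9]))

def apply_filter(pcap, src=None, dst=None, proto=None):
    """Keep packets matching every given condition, like terms joined with 'and'."""
    return [p for p in read_ipv4(pcap)
            if src in (None, p[0]) and dst in (None, p[1]) and proto in (None, p[2])]

SAMPLE = build_sample_pcap()
print(apply_filter(SAMPLE, src="192.168.5.7", proto="udp"))
```

Calling `apply_filter` with no conditions returns every IPv4 packet, which corresponds to the unfiltered capture requested above.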