Author Topic: Reading and deciphering Wireshark packet captures  (Read 8101 times)

Offline wobbly_head_bob

  • Jr. Member
  • **
  • Posts: 62
  • Karma: +0/-0
    • View Profile
Reading and deciphering Wireshark packet captures
« on: August 25, 2010, 09:29:47 AM »

After having difficulties reliably sending DTMF tones over IP trunks to another site, I have been asked to get packet captures at my trunking switch to "see if we can hear the DTMF tones clearly accross the IP trunks".  So on my trunking switch I have mirrored the LAN ports, turned off voice encryption, set up a laptop w/ Wireshark and captured a few different calls.  Now what?

I see a ton of packets and just knowing the sending and receiving IP addresses I can tell which call is mine, but I can't read these things anymore than that.  None of packets show me anything even remotely readable...moreover, all the packets are showing up as UDP....which makes sense I guess for voice transmissions, but I gotta think that'd probably not bode so well with DTMF strings (as they pretty much have to get where they are going and absolutely must be in order).  Anyone have any clue on how I can interpret these wireshark captures or how I can perhaps configure wireshark to spit out something that someone without an 'engineer' tag can read?


Offline bobcheese

  • Sr. Member
  • ****
  • Posts: 435
  • Karma: +3/-0
    • View Profile
Re: Reading and deciphering Wireshark packet captures
« Reply #1 on: August 25, 2010, 11:19:37 AM »
If you have an MoL account I think there is a workshop on this in the training section.

Offline wobbly_head_bob

  • Jr. Member
  • **
  • Posts: 62
  • Karma: +0/-0
    • View Profile
Re: Reading and deciphering Wireshark packet captures
« Reply #2 on: August 25, 2010, 11:40:28 AM »
You followin' me pal?   :P

I do believe I have an MoL account...I'll head there, thanks man!

Offline wobbly_head_bob

  • Jr. Member
  • **
  • Posts: 62
  • Karma: +0/-0
    • View Profile
Re: Reading and deciphering Wireshark packet captures
« Reply #3 on: August 25, 2010, 12:06:27 PM »
I do have an active MoL account and am able to login, but it appears the site may be having issues...each time I try to navigate through training I get:

IWKMU1026X: File not found

...Both in IE and Firefox.  You able to see the training site ok?

Offline bobcheese

  • Sr. Member
  • ****
  • Posts: 435
  • Karma: +3/-0
    • View Profile
Re: Reading and deciphering Wireshark packet captures
« Reply #4 on: August 25, 2010, 06:36:51 PM »
yeah I can get it on fine.

Offline wobbly_head_bob

  • Jr. Member
  • **
  • Posts: 62
  • Karma: +0/-0
    • View Profile
Re: Reading and deciphering Wireshark packet captures
« Reply #5 on: August 26, 2010, 06:45:17 AM »
Cheese,

You're the man, I found the course finally...gonna fire that up later this morning.

Thanks a ton.


 

Sitemap 1 2 3 4 5 6 7 8 9 10