
Marshall Harrison - "the gotspeech guy"

Site news, Speech Server insight and assorted ramblings
WireShark to the rescue

If you have been faced with the task of debugging a SIP call then you know how daunting that can be. You make the call (to MSS 2007 in my case) but all you get is a busy signal. Or the phone just rings and rings.

What's wrong? You start checking your setup. Everything is configured correctly (or so it seems) but the call won't go through. So you try again. Look at things some more and try again. Have you ever done this? I have. It's like we expect the call to magically work on the second or third attempt. Well it doesn't work that way for me.

To debug a SIP call you have to do some digging, and that is where WireShark comes into play. WireShark is a network analysis tool and it is a free download. I've started using it to debug SIP calls so I thought I would show you how I use it. Note that there may be other ways of using WireShark but this is what works for me.

After starting WireShark you have to tell it to start monitoring network traffic. You do that by clicking the leftmost button on the tool bar and clicking the Capture button as shown below.

Once you start the capture you will be presented with the capture screen and you can make your call. The capture collects a lot of data so I wouldn't advise going for a cup of coffee while the capture is running. The capture screen looks like this. Simply click the stop button after placing your call.

After stopping the capture you will be presented with the data from the capture. You may be surprised by the amount of data that is collected but don't worry. WireShark allows you to filter the data, so all you have to do is filter out all but the SIP traffic. You do that by clicking the Expression button to set the filter, or by choosing it in the drop-down if you have set it previously. WireShark will remember the last setting when you start it up.

After clicking you can choose SIP as shown here -

Now your data should only show the SIP traffic as shown in the image below.

By clicking on a row you can drill down to see your data like this -

 

You can even save the data off to a file in several other formats, such as the text file shown here.

As you can see there is a lot of data about the SIP call. I'll let you interpret the data as a homework assignment. I will go into more detail in a later blog post on how to analyze the data and explain what is happening with the call.
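As a starting point for reading a saved capture, here is an added example (not part of the original post) that groups SIP messages from a text file by Call-ID and reports how each INVITE ended, which separates the "busy signal" case from the "rings and rings" case. It assumes the text contains the SIP start-lines and the Call-ID and CSeq headers one per line; the function name `invite_outcomes`, the host names and the sample messages are constructed for illustration.

```python
import re

# SIP start-lines and grouping headers (RFC 3261); search() tolerates a label or indent in front.
REQUEST = re.compile(r"\b[A-Z]+ sips?:\S+ SIP/2\.0\s*$")
STATUS = re.compile(r"\bSIP/2\.0 (\d{3})\b")
HEADER = re.compile(r"^\s*(Call-ID|i|CSeq)\s*:\s*(.+?)\s*$", re.IGNORECASE)

# Constructed sample: call-a is rejected as busy, call-b never gets past ringing.
SAMPLE = """\
INVITE sip:app@mss.example.test SIP/2.0
Via: SIP/2.0/UDP 192.0.2.10:5060
Call-ID: call-a
CSeq: 1 INVITE
SIP/2.0 486 Busy Here
Call-ID: call-a
CSeq: 1 INVITE
INVITE sip:app@mss.example.test SIP/2.0
Call-ID: call-b
CSeq: 1 INVITE
SIP/2.0 180 Ringing
Call-ID: call-b
CSeq: 1 INVITE
"""

def invite_outcomes(text):
    """Return {Call-ID: outcome} for every INVITE transaction found in text."""
    messages = []  # one dict per SIP message, in capture order
    for line in text.splitlines():
        status, header = STATUS.search(line), HEADER.match(line)
        if status or REQUEST.search(line):
            messages.append({"codes": [int(status.group(1))] if status else []})
        elif header and messages:
            key = "method" if header.group(1).lower() == "cseq" else "call_id"
            messages[-1][key] = header.group(2).split()[-1]
    codes = {}  # Call-ID -> response codes received for its INVITE
    for msg in messages:
        if msg.get("method") == "INVITE" and "call_id" in msg:
            codes.setdefault(msg["call_id"], []).extend(msg["codes"])
    outcomes = {}
    for call_id, seen in codes.items():
        final = [c for c in seen if c >= 200]  # 1xx responses are only provisional
        if final:
            outcomes[call_id] = "answered" if final[0] < 300 else "rejected %d" % final[0]
        else:
            outcomes[call_id] = "provisional only, last %d" % seen[-1] if seen else "no response"
    return outcomes

if __name__ == "__main__":
    print(invite_outcomes(SAMPLE))
```

A call reported as "no response" means the INVITE left the caller but nothing came back, which points at addressing, port or firewall problems rather than at the application.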


Posted: Tuesday, January 23, 2007 8:11 PM by marshallharrison

Comments

alec said:

Glad to see this. I have needed to use Ethereal in the past fairly often but not often enough to commit all of the ins and outs to memory. Having Marshall's description to refer to will be very helpful.

I look forward to seeing the analysis section and would hope to see some examples of failed connections (and how to interpret them). That's usually when I reach for the tool.

Great job! Keep up the good work.

Alexander

# January 26, 2007 3:31 PM