Document: Using a laptop to get Wireshark Trace in front of a phone
Author: Greg Skinner
Publish Date: 31/01/2018
Version: 1.2
Reference: 8129845

 

1. Version Information 

 
| Date | Author | Update Information | Version |
|---|---|---|---|
| 07/07/2017 | Simon Smith | 1st Draft | 1.0 |
| 31/01/2018 | Greg Skinner | 2nd Draft | 1.1 |
| 31/01/2019 | Jess Portugal | 3rd Draft | 1.2 |

 

2. Document Purpose & History

 

This document is intended to provide the reader with the ability to run Wireshark on a laptop running Windows 7.

 

Using a laptop to get a Wireshark Trace in front of a phone

 

 

 

This KB is only for Windows 7

 

Often a packet capture is very helpful in diagnosing SIP registration/connectivity problems or voice quality problems. For many on-premises cases, the trace can be generated on the UCP.

The challenge comes when the 3rd party SIP device or IP phone is connected to the cloud platform. Often in smaller installations, there is no managed switch with port mirroring capabilities. It is possible to use an engineer’s laptop with Wireshark to collect the packet trace.

Pre-Requisites

The following pre-requisites are required.

  1. A built in Ethernet port on the laptop.
  2. One of:
    1. A customer wifi network (this should not be used to investigate voice quality issues).
    2. A 2nd USB Ethernet Adapter AND a phone PSU to power the phone if it is PoE powered.
  3. Wireshark installed on the engineer’s computer.

The IP phone being captured will be connected to the built-in Ethernet port of the laptop. The laptop will be connected to the customer’s network using wireless or the 2nd USB Ethernet port. With either setup, packets to and from the phone will be seen by the laptop.

Setting up the Bridge Interface

  1. Open “Network and Sharing Centre”, and choose “Change Adapter Settings”
  2. Select the Built in Ethernet port.
  3. Use Ctrl+Left mouse click to select the 2nd interface:
    1. Wifi adapter.
    2. 2nd Ethernet Adapter.
  4. Right click on one of the Selected Adapters and choose Bridge Connections.
  5. An additional adapter interface, a Bridge interface, will appear.

Capturing with Wireshark

It is important to ensure that data and topology information is not leaked from the phone environment by this capture method.

To limit the capture to the phone's traffic, use the following process.

  1. From the Capture menu, choose the options menu item.
  2. Select the built in Ethernet adapter.
  3. Ensure Promiscuous Mode is ticked
  4. In the “Capture filter for selected interfaces” box, type “host <ip address>”. Replace <ip address> with the phone’s IP address.
  5. Press Start
  6. Perform Test
  7. Press Stop (red square on toolbar)
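
Before a trace leaves the site, it is worth confirming that the capture filter actually held and the file contains only the phone's traffic. The following is an added example, not part of the original KB: it assumes the trace was saved in the classic pcap format (not pcapng) from an Ethernet interface, and the function names and the 192.0.2.x / 198.51.100.x addresses are constructed for illustration.

```python
import socket
import struct

def build_frame(src_ip, dst_ip):
    """Constructed sample: Ethernet header + minimal IPv4 header, no payload."""
    eth = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02" + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip

def build_pcap(frames):
    """Constructed sample: little-endian classic pcap, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def audit_capture(data, phone_ip):
    """Return (phone_frames, foreign_ipv4_pairs, non_ipv4_count) for a pcap."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    phone = socket.inet_aton(phone_ip)
    ok, foreign, non_ip, pos = 0, [], 0, 24
    while pos + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[pos + 8:pos + 12])[0]
        frame = data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            non_ip += 1  # ARP, IPv6, VLAN-tagged or truncated frames
            continue
        src, dst = frame[26:30], frame[30:34]
        if phone in (src, dst):
            ok += 1
        else:  # IPv4 traffic between other hosts: should not be in the trace
            foreign.append((socket.inet_ntoa(src), socket.inet_ntoa(dst)))
    return ok, foreign, non_ip

if __name__ == "__main__":
    sample = build_pcap([build_frame("192.0.2.10", "198.51.100.5"),
                         build_frame("192.0.2.20", "192.0.2.30")])
    print(audit_capture(sample, "192.0.2.10"))
```

A non-empty list of foreign address pairs means the trace holds traffic between other hosts on the customer's network and should be re-captured with the filter in place before it is shared.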

Removing the Bridge Interface

To remove the bridge interface:

  1. Use the method in steps 1-3 of “Setting up the Bridge Interface” to select the interfaces that have been bridged.
  2. Right click on an interface and choose “Remove From Bridge”.