Wireshark - tcpdump trace on PBX

Owned by Nathaniel Halbrooks
Dec 15, 2023
1 min read

  1. Log into the server using SSH

  2. Run the command "tcpdump -s 0 -i any -w sip-trace.pcap"

  3. Reproduce your issue

  4. Stop the tcpdump using CTRL+C

  5. Log into the server using WINSCP and download the file "sip-trace.pcap"

Zip up and send in the sip-trace.pcap file (ensure it is zipped) along with the full details of which call the issue occurred on. Ensure you provide the called number, calling number, local extension that answered the call and exact date/time and how many times that number was called in the trace.

Following explains the parameters used:

-i   Select interface that the capture is to take place on, this will often be an Ethernet card or wireless adapter but could also be a vlan. Not always required if there is only one network adapter.)

-s0  Unlimited size of the packet to capture

-w  Saves the file

Return to Documentation Home I Return to Sangoma Support