Wireshark trace - How to make a trace of a call?

The program Wireshark is used to trace the communication between devices interconnected by a LAN. The devices (e.g. a PBX connected to a GSM gateway via LAN) send packets to each other, and Wireshark captures these packets. Wireshark is distributed under an open source licence (http://www.wireshark.org/download.html).
To capture all the packets sent over a particular LAN, the capturing PC and the devices have to be on the same segment (they have to be connected via a hub, which repeats every frame to every port). If you do not have a hub, you can use a switch which supports so-called port mirroring (http://en.wikipedia.org/wiki/Port_mirroring); without mirroring, a switch only delivers the frames addressed to the capturing PC, so the traffic between the two devices would not appear in the trace.

Installation

Download the program and appropriate installer (e.g. Windows installer).

Then start Wireshark.

Start capturing: "Capture->Start" or use icon #1

End capturing: "Capture->Stop" or use icon #2

Restart capturing with deletion of the previously captured packets: "Capture->Restart" or use icon #3

Save results: "File->Save As->Wireshark/tcpdump/... -libpcap(*.pcap;*.cap)"

Open a previously saved trace: "File->Open"

Basics of filter application:

  1. Filter the packets according to the source IP, e.g.: ip.src_host=="192.168.5.7"
  2. Filter the packets according to the destination IP, e.g.: ip.dst_host=="192.168.5.7"
  3. Filter by protocol type: tcp, udp, sip, ...
  4. The terms can be combined with logical operators: and, or, not, ...
  5. Apply a filter with Apply; remove it with Clear
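To show what the filters above actually select, here is an added example (not part of the original page) that reads a libpcap file of the kind saved by "File->Save As", decodes the source/destination IP and protocol of each IPv4 packet, and applies the same src/dst/protocol conditions in code. The trace is constructed in memory (dummy MACs, no checksums) and the IP addresses are taken from the filter examples.

```python
import struct

def build_pcap(packets):
    """Write a minimal libpcap file (Ethernet link type) from (timestamp, frame) pairs."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # magic, v2.4, snaplen, LINKTYPE_ETHERNET
    body = b"".join(struct.pack("<IIII", ts, 0, len(f), len(f)) + f for ts, f in packets)
    return hdr + body

def ipv4_frame(src, dst, proto, payload=b""):
    """Build an Ethernet/IPv4 frame with dummy MACs and zero checksum; proto 6 = TCP, 17 = UDP."""
    eth = b"\x00" * 12 + b"\x08\x00"  # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return eth + ip + payload

def read_pcap(data):
    """Parse a libpcap file and return one dict per IPv4 packet (ts, src, dst, proto)."""
    magic, = struct.unpack("<I", data[:4])
    e = "<" if magic == 0xA1B2C3D4 else ">"  # byte order of the file is given by the magic number
    linktype, = struct.unpack(e + "I", data[20:24])
    if linktype != 1:
        raise ValueError("this example parses Ethernet captures only")
    off, pkts = 24, []
    while off + 16 <= len(data):
        ts, _, incl, _ = struct.unpack(e + "IIII", data[off:off + 16])  # per-packet record header
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if frame[12:14] != b"\x08\x00":
            continue  # not IPv4 (e.g. ARP): skipped in this example
        ip = frame[14:]  # fixed 14-byte Ethernet header
        pkts.append({"ts": ts,
                     "src": ".".join(map(str, ip[12:16])),
                     "dst": ".".join(map(str, ip[16:20])),
                     "proto": {6: "tcp", 17: "udp"}.get(ip[9], str(ip[9]))})
    return pkts

def apply_filter(pkts, predicate):
    """Keep the packets for which the predicate holds, like a Wireshark display filter."""
    return [p for p in pkts if predicate(p)]

# Constructed sample trace: a SIP INVITE over UDP from 192.168.5.7 to a gateway, its reply,
# and an unrelated TCP packet from another host.
SAMPLE = build_pcap([
    (1, ipv4_frame("192.168.5.7", "192.168.5.20", 17, b"INVITE sip:gw SIP/2.0")),
    (2, ipv4_frame("192.168.5.20", "192.168.5.7", 17, b"SIP/2.0 100 Trying")),
    (3, ipv4_frame("10.0.0.1", "192.168.5.7", 6)),
])
```

`apply_filter(read_pcap(SAMPLE), lambda p: p["src"] == "192.168.5.7")` corresponds to the filter ip.src_host=="192.168.5.7", and `lambda p: p["proto"] == "udp" and p["src"] != "10.0.0.1"` to udp and not ip.src_host=="10.0.0.1".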

Example of captured communication

Example of captured communication after applying a filter

Important: To provide us with detailed information about a possible problem with the device, please do not apply any filter; simply capture all the communication during the test call (a display filter only hides packets on screen, but a capture filter would leave them out of the file). Save the trace via "File->Save As->Wireshark/tcpdump/... -libpcap(*.pcap;*.cap)" and send it to us.