How To Capture SIP Packets With Wireshark

Introduction

This guide will help you to capture and analyze SIP traffic using WireShark which is very useful to find the cause of VoIP problems.

Wireshark interface selection

To start a SIP capture:
Select interface
Click 'Start' to start capturing. Generally you want the one with the largest increasing number of packets

Adding Display Filter

Now you should see all types of traffic passing through your network interface.
Let's apply a capture filter to limit the number of packets you have to deal with.

Go to Wireshark filter's box and enter the value "sip". Then hit enter.
That's it. Only relevant packets are shown.
SIP filter view

Exporting SIP Trace

This section can be very useful in case you need an assistance.
SIP Trace is a best way to troubleshoot basic SIP issues.

Go to File > Save As... Select interface


More tutorials