Wireshark-users: Re: [Wireshark-users] VoIP Analysis for Dummies

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Thu, 22 Mar 2007 22:22:33 +0100 (CET)
Hi,

Hmm, a 10/100 hub. That usually means a 10Mb hub and a 100Mb hub placed in
a single box, connected by a simple switch. This in order not to overflow
the 10Mb segment with 100Mb traffic.
Are the phones 10Mb connected? The rest probably 100Mb. As long as stuff
is running on the PC you'll see it in the capture there. Also other stuff
on the 100Mb segment. Peer to Peer media on the 10Mb segment you won't
see.

Thanx,
Jaap

On Thu, 22 Mar 2007, Cliff Weisgerber wrote:

> Jaap,
>
> Well, I installed xTen eyeBeam (a softphone) on my PC and voila!  My problem
> is that the Polycom and LinkSys phones are doing something I don't
> understand yet.  The eyeBeam is sending/receiving RTP and I can follow it no
> problem.  Sorry for being a newbie and bothering the group with this and
> thanks for responding.
>
> Cliff
> "On Wednesdays I go shopping and have buttered scones for tea."
>
> -----Original Message-----
> From: wireshark-users-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Cliff Weisgerber
> Sent: Thursday, March 22, 2007 11:02 AM
> To: 'Community support list for Wireshark'
> Subject: Re: [Wireshark-users] VoIP Analysis for Dummies
>
> Jaap,
>
> Yes, it is a LinkSys NH1005.  I believe it is indeed a hub as I can see
> traffic between HUD on my PC and my asterisk box.  I see multicast packets
> from a LinkSys phone (obviously) and, if I do not filter, I see a bunch of
> stuff between my PC, the two phones and everywhere else hence my previaously
> stated belief ;)
>
> I see no SIP or RTP packets and am lost as to why.
>
> Cliff
> "On Wednesdays I go shopping and have buttered scones for tea."
>
> -----Original Message-----
> From: wireshark-users-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Jaap Keuter
> Sent: Thursday, March 22, 2007 10:38 AM
> To: Community support list for Wireshark
> Subject: Re: [Wireshark-users] VoIP Analysis for Dummies
>
> Hi,
>
> Are you ABSOLUTELY sure it's a hub? Many are switches underneath.
> Check out the Wireshark Wiki on suspicious hubs.
>
> Thanx,
> Jaap
>
> On Thu, 22 Mar 2007, Cliff Weisgerber wrote:
>
> >
> >
> > Hi,
> >
> >
> >
> > I am trying to use wireshark to trace VoIP activity.  First, I must plead
> > ignorance as far as doing network sniffs - I have used ethereal in the
> past
> > and now wireshark but am no expert at this.
> >
> >
> >
> > My problem:  I see no SIP or RTP traffic on the traces I am doing.  I am
> > filtering out just the traffic between a couple of phones, the gateways in
> > the network and my asterisk server.  My phones and the PC running
> wireshark
> > are all on the same LinkSys hub so I should see this stuff, shouldn't I?
> I
> > make calls between the phones and see nothing.
> >
> >
> >
> > What am I not doing correctly?
> >
> >
> >
> > Thanks for helping a newbie!
> >
> >
> >
> > Cliff Weisgerber
> >
> >
> >
> > Cliff
> >
> > "On Wednesdays I go shopping and have buttered scones for tea."
> >
> >
> >
> >
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>
>