h1. Debug VoIP call with Wireshark

Suppose you want to get a call graph in a convenient format for debugging. The _wireshark_ application does this:

!capture.gif!

Clicking on each arrow, you can get the call graph:

!capture1.gif!

_Wireshark_ requires a file that contains the captured call in _.pcap_ format, so our goal is to obtain this file.

h3. Automatic call capturing.

This is the preferred way. Use the embedded [[Call capturing]] system to get the _.pcap_ file.

h3. Manual file capturing.

If for some reason automatic [[Call capturing]] is not available in your version, use the manual method.

1. Acquire _root_ access as described in chapter [[How to acquire root access]]

2. Get a packet dump of the call. For this we use the _tcpdump_ utility:
# tcpdump -s 0 -w voip.cap
This command writes the packet dump to the file voip.cap in the current directory. However, it is much better if you know where the traffic will come from or where it will be sent. You can see the IP address of the terminator or originator in the web interface. In that case, run the command this way:
# tcpdump -s 0 -w voip.cap host 192.168.0.1
Here 192.168.0.1 is the IP address of the needed peer, which is used for call pass-through. To capture from several hosts (for example, originator and terminator), use this command:
# tcpdump -s 0 -w voip.cap host 192.168.0.1 or 192.168.0.2
Here 192.168.0.1 is the IP address of the originator and 192.168.0.2 is the IP address of the terminator. The commands above capture on the first network interface in the system's list of interfaces. To capture on a specific network interface, run the command this way:
# tcpdump -i rl0 -w voip.cap
Here rl0 is one of the interfaces displayed by
# ifconfig
The commands above start capturing the packet dump. To stop capturing and writing to the file, press CTRL+C.

*Attention!* To capture a call correctly you need to launch _tcpdump_ *before* the call starts and stop it *after* the call ends.

3. Download the packet dump to your PC. For this you should use the _pscp_ application (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html):
> pscp.exe -C admin@10.0.0.1:voip.cap voip.cap
Now you have the packet dump on your PC.

h3. Wireshark usage.

Open the packet dump, obtained via the automatic or manual method, in the _wireshark_ application (http://www.wireshark.org/). For this:

# Launch _wireshark_.
# Choose the file voip.cap in the File->Open dialog.
# After opening the file, press Telephony->VoIP calls. You'll get all the calls that were in the packet dump.
# Choose the needed call by clicking on it with the mouse and press "Flow".
# You'll get the call graph of the call. When you click on any of the arrows, wireshark displays the contents of that packet, which you can view.

[[Отладка VoIP звонка с Wireshark|Russian translation]]
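The manual capture section warns that _tcpdump_ must run from before the call starts until after it ends. As an added example (not part of the original page or of the product it documents), the Python code below reads a capture such as voip.cap and lists the SIP Call-IDs whose INVITE or BYE is missing. It assumes a classic pcap file as written by tcpdump -w, Ethernet framing and unfragmented SIP over IPv4/UDP; the function names and the sample capture are constructed for illustration.

```python
import struct

def sip_methods_by_call(pcap: bytes) -> dict:
    """Map each SIP Call-ID to the set of request methods seen in the capture."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled here")
    calls, off = {}, 24                      # 24 = size of the pcap global header
    while off + 16 <= len(pcap):             # 16 = size of each record header
        incl = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                         # keep only IPv4 + UDP
        ihl = (frame[14] & 0x0F) * 4         # IPv4 header length in bytes
        head = frame[14 + ihl + 8:].partition(b"\r\n\r\n")[0].decode("latin-1")
        lines = head.split("\r\n")
        start = lines[0].split(" ")
        if len(start) != 3 or start[2] != "SIP/2.0":
            continue                         # not a SIP request line
        for header in lines[1:]:
            name, _, value = header.partition(":")
            if name.strip().lower() in ("call-id", "i"):   # "i" is the compact form
                calls.setdefault(value.strip(), set()).add(start[0])
    return calls

def truncated_calls(pcap: bytes) -> list:
    """Call-IDs missing INVITE or BYE: capture started late or stopped early."""
    return sorted(cid for cid, seen in sip_methods_by_call(pcap).items()
                  if not {"INVITE", "BYE"} <= seen)

# --- constructed sample capture (not real traffic): zeroed MACs and checksums ---
def _frame(sip: str) -> bytes:
    udp = struct.pack(">HHHH", 5060, 5060, 8 + len(sip), 0) + sip.encode()
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 168, 0, 1]), bytes([192, 168, 0, 2]))
    return b"\x00" * 12 + b"\x08\x00" + ip + udp

def _pcap(frames) -> bytes:
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

def _req(method: str, call_id: str) -> bytes:
    return _frame(f"{method} sip:test@192.168.0.2 SIP/2.0\r\nCall-ID: {call_id}\r\n\r\n")

SAMPLE = _pcap([_req("INVITE", "whole@example"), _req("BYE", "whole@example"),
                _req("BYE", "late-start@example"), _req("INVITE", "early-stop@example")])
if __name__ == "__main__":
    print(truncated_calls(SAMPLE))
```

A call that was never answered ends without a BYE, so a flagged Call-ID is a reason to look at that call in _wireshark_, not proof that the capture was cut short.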