Wireshark-users: Re: [Wireshark-users] Please help me!
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Wed, 16 Jul 2008 19:23:42 +0200
Hi,
Does the IP phone use vlan tags? That can spell trouble for the windows network driver. Boot up from a Linux live CD with a capture application (Knoppix is a good example) and try capturing with that. 

Thanx,
Jaap

Shou-Kuo Shao wrote:

Dear Abhik,

Thank you for the quick reply.
However, the setting of "Capture packets in promiscuous mode" has been selected crrectly. And the device I used is a pure hub. If I ping the IP phone from any places, I could capture the ICMP packets with the IP phone's address. I also could capture any other packets on the net, so the promiscuous mode should be OK.
The only problem is the SIP and RTP packets could not be captured. And no cpature filters has been set. 

Best Regards

Shou-Kuo Shao


 >- When starting the capture, make sure that you select "Capture
 >packets in promiscuous mode", otherwise only packets coming to and
 >leaving your laptop will be captured and not everything flowing though
 >the hub.
 >- Make sure you are connecting to a hub and not a switch. Otherwise
 >the capture approach has to be changed.
 >
 >HTH
 >Abhik.
 >
 >On Wed, Jul 16, 2008 at 12:20 PM, skshao <skshao@xxxxxxxxxx> wrote:
 >> Dear gurus,
 >>
>> I have installed the Wireshark 1.0.2 in a notebook with a Realtek RTL8139/810x Family Fast Ethernet Ethernet NIC. 
 >>
>> Everything seems OK, when I initialize wireshark to capture the packets over the Ethernet. However, when I attach the notebook to a hub with a IP Phone attached on another port, strange thing happens. The Wireshark could capture packets except those of SIP and RTP related protocols (ex., I ping the IP Phone from the notebook and the packets of ICMP echo request and reply can be captured). No capture filters has been assigned in the Wireshark. 
 >>
>> I then initalize a soft phone in the notebook to communicate with the Proxy server and use wireshark to capture the SIP packets. The Wireshrak works well in this way. 
 >>
>> I have unistalled WinPacp and wireshark with Revo unistaller (in order to uninstall them completely) and re-install them several times. The situation doesn't change a bit. It just seems that my notebook could not cpature the Ethernet packets of SIP and RTP protocols. 
 >>
>> Can anyone help me or give me a clue to solve this? Thank you very much for the help! 
 >>
 >> Best Regards
 >>
 >> Shou-Kuo Shao