Wireshark-users: [Wireshark-users] Newbie Questions for a Specific Problem
From: Mark Phillips <mark@xxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 28 Jan 2011 11:06:41 -0700
I am new to wireshark and network monitoring, so please bear with me. I am looking for some guidance on how to solve a specific network problem...

The problem
My T-Mobile MYTouch 4G is supposed to be able to make calls over wifi.  It connects to some wifi hot spots, but not others. In particular, it connects at a local Stabucks for wifi calls, but now my office wifi network. I need to find a way to make it work over my office network. The kicker is the phone says I am connected to wifi at both locations, but just can't make a phone call using wifi over my office network.  Basically, one enables Wifi, and the phone scans and connects to a network. This process succeeds in both locations. There is a second button to enable wifi calling, which fails on my office network, but not at Starbucks. The error I message when it does not connect is "Connection Error - ISP or T-Mobile Network Error." T-Mobile technical support says it is a problem with my network, so I am SOL. But, they cannot tell me what my network has to do to be compatible with wifi calling.

I thought I might be able to use wireshark see what happens when the phone connects at Starbucks and not on my office network, to see if I can change my network to work with wifi calling. My network setup - Linksys WRT54G Wireless Router configured as an access point connected to a BEFSX-41 Linksys router, which is connected to my cable modem. I use MAC filtering and WPA and AES with a pre-shared key for wireless security.

Questions...
1. Is my initial assumption that I can use wireshark to figure out what is not working with my network and what is working at Starbucks for wifi calls even feasible? Do I have a chance of figuring out what needs to be changed on my network to make wifi calling work?

2. Do I need a PhD in LAN Diagnostics to figure out what is happening on my network versus Starbucks and fix my network?

3. I fired up wireshark on my work network and starting capturing packets on eth0. I looked at the DHCP routing table in the router and found the phone was assigned 192.168.25.203. I set a filter for that address (ip == 192.168.25.203 or eth.addr == f8:db:7f:42:db:75), hit a web page on the phone and no packets were captured, even though the phone says it was connected to the wireless network. The page loaded on the phone. Tried sending/receiving an email. I also tried hitting the "enable wifi calling" button, and no packets. What am I doing wrong?

Thanks,

Mark