Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 25 Jan 2011 11:33:30 +0000
From:      Arthur Chance <>
To:        Da Rock <>
Subject:   Re: Tracing packets - asterisk issues
Message-ID:  <>
In-Reply-To: <>
References:  <>	<> <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On 01/25/11 10:41, Da Rock wrote:
> On 01/25/11 18:46, Bruce Ferrell wrote:
>> On 01/24/2011 11:13 PM, Da Rock wrote:
>>> I have been trying to get some pointers on my asterisk issues and I've
>>> only been hearing crickets chirping (Asterisk list and here). I need a
>>> pointer or two so I can fix this issue, so I'll try another angle.
>>> How do I trace IP packets across the network (pf firewall included)?
>>> And would it be possible to read it visually (human readable)?
>>> Cheers
>> Use tcpdump to do a capture file. something like this:
>> tcpdump -i eth0 -n -s 1500 -w sip.cap
>> then feed sip.cap to wireshark
>> filter for SIP and observe the SIP conversation
>> It's also possible to decode the RTP stream
> I've been using tcpdump on the asterisk server and both interfaces of
> the firewall as well as the log interface. Unfortunately, its not giving
> me the answers I want so far. Follow a stream from beginning to end, so
> to speak, but I've been having trouble matching it up; especially with
> the log.
> Is it possible with wireshark to do this kind of matching if I capture
> on all these interfaces?

 From the wireshark manual page:

        File:Open Recent
            Merge another capture file to the currently loaded one. The
            File:Merge dialog box allows the merge "Prepended",
            "Chronologically" or "Appended", relative to the already
            loaded one.

Looks like doing a chronological merge is what you need. Your machines 
had better have the same idea of what the time is though.

Want to link to this message? Use this URL: <>