Ethereal-users: RE: [Ethereal-users] Lost packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "David Kuder" <david.kuder@xxxxxxxxxx>
Date: Thu, 2 Oct 2003 11:28:38 -0700
John Graves [jhgraves@xxxxxxxxxxxx] wrote:
> I am attempting to examine VOIP flows in a client network.  They have
a
> unique link between the IP gateway and the router, into which I
inserted
> a hub.  I can ping both the router and the gateway, but do not see
> either the setup messages or the voip packets although the PBX vendor
> is telling me that they are TCP and UDP packets, respectively.  If I
> break the link, calls cannot be made which confirms that I am into the
> right link.  Does anyone have any experience with this using
ethereral?
> I am using Rel 0.9.15 and WinPCap

I capture VOIP signaling (SIP, MGCP) and voice (RTP) all the
time with Ethereal.  About the only thing missing is pulling the
G.711 payload out of the RTP as an audio stream (aka tapping a
call).

You sure you have a hub?  If you see traffic in the capture but it's
all ARP and microsoft babble you are probably only seeing broadcast
traffic.