Wireshark-users: Re: [Wireshark-users] Please help me!
Dear Jaap,
Thanks for the tips. I will try you methods later.
However, I have tried to cpature the phone's packets from three other desktop compuetrs all running Windows XP Professional and can do the work.
My notebook is with Windows XP Home edition, I wionder if this is the problem.
Best Regards
Shou-Kuo Shao
At ?U?? 07:23 2008/7/16 +0200, you wrote:
>Hi,
>
>Does the IP phone use vlan tags? That can spell trouble for the windows network
>driver. Boot up from a Linux live CD with a capture application (Knoppix is a
>good example) and try capturing with that.
>
>Thanx,
>Jaap
>
>Shou-Kuo Shao wrote:
>> Dear Abhik,
>>
>> Thank you for the quick reply.
>>
>> However, the setting of "Capture packets in promiscuous mode" has been
>> selected crrectly. And the device I used is a pure hub. If I ping the IP
>> phone from any places, I could capture the ICMP packets with the IP
>> phone's address. I also could capture any other packets on the net, so
>> the promiscuous mode should be OK.
>>
>>
>> The only problem is the SIP and RTP packets could not be captured. And
>> no cpature filters has been set.
>>
>> Best Regards
>>
>> Shou-Kuo Shao
>>
>>
>> >- When starting the capture, make sure that you select "Capture
>> >packets in promiscuous mode", otherwise only packets coming to and
>> >leaving your laptop will be captured and not everything flowing though
>> >the hub.
>> >- Make sure you are connecting to a hub and not a switch. Otherwise
>> >the capture approach has to be changed.
>> >
>> >HTH
>> >Abhik.
>> >
>> >On Wed, Jul 16, 2008 at 12:20 PM, skshao <skshao@xxxxxxxxxx> wrote:
>> >> Dear gurus,
>> >>
>> >> I have installed the Wireshark 1.0.2 in a notebook with a Realtek
>> RTL8139/810x Family Fast Ethernet Ethernet NIC.
>> >>
>> >> Everything seems OK, when I initialize wireshark to capture the
>> packets over the Ethernet. However, when I attach the notebook to a hub
>> with a IP Phone attached on another port, strange thing happens. The
>> Wireshark could capture packets except those of SIP and RTP related
>> protocols (ex., I ping the IP Phone from the notebook and the packets of
>> ICMP echo request and reply can be captured). No capture filters has
>> been assigned in the Wireshark.
>> >>
>> >> I then initalize a soft phone in the notebook to communicate with
>> the Proxy server and use wireshark to capture the SIP packets. The
>> Wireshrak works well in this way.
>> >>
>> >> I have unistalled WinPacp and wireshark with Revo unistaller (in
>> order to uninstall them completely) and re-install them several times.
>> The situation doesn't change a bit. It just seems that my notebook could
>> not cpature the Ethernet packets of SIP and RTP protocols.
>> >>
>> >> Can anyone help me or give me a clue to solve this? Thank you very
>> much for the help!
>> >>
>> >> Best Regards
>> >>
>> >> Shou-Kuo Shao
>
>_______________________________________________
>Wireshark-users mailing list
>Wireshark-users@xxxxxxxxxxxxx
>https://wireshark.org/mailman/listinfo/wireshark-users
>