Running a Wireshark Capture

This article explains how to run a Wireshark Capture on a phone that is using one of CCPro's SIP solutions.
If you are running the trace on a physical phone, such as a Cisco, Yealink or Poly, you will need to use a computer that is "daisychained" to the phone via an ethernet cable.


As part of this, it will be useful for us to know what your phone's internal IP address is.
For physical phones this is in the menu options, usually under Network (or similar).

For softphones, it is the internal IP address of the computer they are installed on. 
You can normally find this in Windows by opening a command prompt (Run > CMD) and typing 'ipconfig without quotes.

Install Wireshark

If you do not have Wireshark installed on the computer already, you can download it here: https://www.wireshark.org/download.html               

Setting Up the Capture

Open Wireshark and go to Capture > Options

Locate any connection(s) with traffic, indicated by a wave line.

Highlight the connection by clicking on it, and then in the Capture filter for selected interfaces box at the bottom, type 'udp' without quotes.

This field should turn green.

Repeat for any other connections with traffic.

Then click Start. You should see something similar to this happening.

Let the Capture Run

You should now leave Wireshark running in the background.
Please make a note of the EXACT time, date and full details of any issue you are looking to troubleshoot.
For example, date and time of call, number dialled, source number, etc.
Please note full details of the issues experienced.


You can leave the trace running for several hours if you need to. The longer it runs, the larger the resulting file will be.

Stop the Capture

When you are ready to stop capturing, in Wireshark, go to Capture > Stop

Export the Capture

In Wireshark, go to File > Save As

Give the file a relevant name and save it to your computer.

Send the Capture to CCPro Support

You will most likely have an open support ticket if you have been asked to run a Wireshark capture.

Simply reply to the ticket, attaching the resulting Wireshark file, and providing the details of any relevant instances of the problem we are investigating, as detailed earlier in the article.