Skip to main content

PCAP

When there are problems with call quality or missing audio, the PBX offers a feature that generates "PCAP" (see https://en.wikipedia.org/wiki/Pcap) files that include the RTP packets between the PBX and the connected VoIP devices. This feature will collect the network traffic for the extension when the user is making an outbound call or receiving an inbound call. It can be enabled on extension level and trunk level. Other traffic on the server is not included which makes it easier to find problems on busy systems with many calls.

The PCAPs are not taken from the network interface. Instead, the PBX generates the PCAP from the packets that is has sent and received. That means that MAC addresses are not available and IP addresses are from the PBX point of view. For example, if a host has multiple IP addresses configured on an interface, the PCAP might show a random IP local address. Timestamps for incoming packets are taken from the operating system network subsystem (except in Windows), the timestamps for outgoing packets are taken from the system clock. SRTP packets are stored without encryption, which makes it possible to play them back (even though the tools might be a little confused). TCP and TLS transport layer packets are stored as UDP packets for simplicity, however in the SIP packet itself the transport layer is in the Via header.

If a PCAP is enabled for a domain, the domain list will show a document icon in the domain list. This is to remind administrators to turn the PCAP after the analysis off.

To enable it on extension level, go to the administrator settings for the extension:

pcap11.png

To generate a PCAP traces turn the setting on and make or receive an incoming call to troubleshoot.

You can also generate a PCAP trace under the trunk setting "Media/Audio" this is useful for troubleshooting when the system receives an inbound call or when a user makes an outbound call with the trunk.

pcap31.png

PCAP location

Once the admin is done generating a PCAP trace it will be stored on the file system. You can download the file from the browser or copy it from the file system.

You can retrieve the PCAP file from the administrator interface as system administrator from the system call log or the tenant call log. There is a small blue document icon for the CDR record. By clicking on the symbol, the browser will download the file. The PCAP file is deleted from the file when the CDR is being deleted.

In the file system the files are stored in the pcap directory of the main PBX directory.

pcap21.png

... or use the CDR

Most of the time, only the SIP packets of the PCAP are important for trouble shooting. In version 69.3 and onwards, the administrator can easily download those logs from the call log. Clicking on the call log line will show more details for the call; then there is a SIP symbol that will show all SIP packets for the call leg.

Last updated on