Skip to main content

PCAP Tracing

When there are problems with call quality or missing audio, the PBX offers a feature that generates "PCAP" (see https://en.wikipedia.org/wiki/Pcap) files that include the RTP packets between the PBX and the connected VoIP devices. This feature will collect the network traffic for the extension when the user is making an outbound call or receiving an inbound call. It can be enabled on extension level and trunk level. Other traffic on the server is not included which makes it easier to find problems on busy systems with many calls.

The PCAPs are not taken from the network interface. Instead, the PBX generates the PCAP from the packets that is has sent and received. That means that MAC addresses are not available and IP addresses are from the PBX point of view. For example, if a host has multiple IP addresses configured on an interface, the PCAP might show a random IP local address. Timestamps for incoming packets are taken from the operating system network subsystem (except in Windows), the timestamps for outgoing packets are taken from the system clock. SRTP packets are stored without encryption, which makes it possible to play them back (even though the tools might be a little confused). TCP and TLS transport layer packets are stored as UDP packets for simplicity, however in the SIP packet itself the transport layer is in the Via header.

If a PCAP is enabled for a domain, the domain list will show a document icon in the domain list. This is to remind administrators to turn the PCAP after the analysis off.

To enable it on extension level, go to the administrator settings for the extension:

pcap11.png

To generate a PCAP traces turn the setting on and make or receive an incoming call to troubleshoot.

You can also generate a PCAP trace under the trunk setting "Media/Audio" this is useful for troubleshooting when the system receives an inbound call or when a user makes an outbound call with the trunk.

pcap31.png

PCAP location

Once the admin is done generating a PCAP trace. You can either retrieve the PCAP file from the file system (in the pcap directory) or as system administrator from the system call log or the tenant call log. There is a small document icon for the CDR record. The PCAP file is deleted when the CDR is being deleted.

pcap21.png

Last updated on