When troubleshooting networks, it helps to look inside the contents of the packets. This helps to determine if the packets, route, and destination are all what you expect. Traffic capture can also be called packet sniffing, a network tap, or logic analyzing.
Packet sniffing tells you what is happening on the network at a low level. This can be very useful for troubleshooting problems, such as:
- Finding missing traffic.
- Seeing if sessions are setting up properly.
- Locating ARP problems such as broadcast storm sources and causes.
- Confirming which address a computer is using on the network if it has multiple addresses or is on multiple networks.
- Confirming routing is working as you expect.
- Investigating intermittent missing ping packets.
If you are running a constant traffic application such as ping, packet sniffing can tell you if the traffic is reaching the destination, which port it uses to enter and exit the FortiVoice Gateway, if the ARP resolution is correct, and if the traffic is returning to the source as expected. You can also use packet sniffing to verify that NAT or other configuration is translating addresses or routing traffic the way that you want it to.
Before you start sniffing packets, you need to have a good idea of what you are looking for. Sniffing is used to confirm or deny your ideas about what is happening on the network. If you try sniffing without a plan to narrow your search, you could end up with too much data to effectively analyze. On the other hand, you need to sniff enough packets to really understand all of the patterns and behavior that you are looking for.
- Go to System > Network > Traffic Capture.
Button or GUI field
Click to stop the packet capture.
When the capture is complete, click Download to save the packet capture file to your hard disk for further analysis.
The name of the packet capture file.
The size (in bytes) of the packet capture file.
The status of the packet capture process, Complete or Running.
- Click New.
- In Capture file prefix, enter a prefix for the file generated from the captured traffic. This will make it easier to recognize the files.
- In Duration, enter the time period for performing the packet capture.
- If you choose SIP or Use Protocol for Filter, from the Peers field, select the extension or trunk whose voice packets you want to capture. You can select up to three peers.
- If you want to limit the scope of traffic capture, in the IP/Host field, enter a maximum of three IP addresses or host names for the extensions and trunks you selected. Only traffic on these IP addresses or host names is captured.
- Select the filter for the traffic capture:
  - SIP: Only SIP traffic of the peers you select will be captured.
  - Use Protocol: Only UDP or TCP traffic of the peers you select will be captured.
  - Capture All: All network traffic will be captured.
- For Exclusion, enter the IP addresses/host names and port numbers whose voice traffic you do not want to capture.
- Click Create.
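
Once a capture has been downloaded, the "intermittent missing ping" case described earlier can be checked offline by pairing each ICMP echo request with its reply. The following is an added example, not part of the FortiVoice documentation; it assumes the downloaded file is in classic libpcap format with untagged Ethernet framing, which this page does not state, and the function names and sample addresses are constructed for illustration.

```python
import socket
import struct

def unanswered_pings(pcap: bytes):
    """Return (src, dst, id, seq) for each ICMP echo request with no reply."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    pending, off = {}, 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        # Untagged IPv4 frames carrying ICMP (IP protocol 1) only.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 1:
            continue
        if struct.unpack("!H", frame[20:22])[0] & 0x1FFF:
            continue  # later IP fragment: no ICMP header to parse
        icmp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(icmp) < 8:
            continue  # truncated by the capture snap length
        itype, _, _, ident, seq = struct.unpack("!BBHHH", icmp[:8])
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        if itype == 8:      # echo request: remember until answered
            pending[(src, dst, ident, seq)] = None
        elif itype == 0:    # echo reply: clears the mirrored request
            pending.pop((dst, src, ident, seq), None)
    return list(pending)

def sample_capture() -> bytes:
    """Constructed capture: three pings from 192.0.2.10, reply to seq 2 missing."""
    def frame(src, dst, itype, seq):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        icmp = struct.pack("!BBHHH", itype, 0, 0, 0x1234, seq)
        return b"\x00" * 12 + b"\x08\x00" + ip + icmp
    a, b = "192.0.2.10", "192.0.2.1"
    frames = [frame(a, b, 8, 1), frame(b, a, 0, 1), frame(a, b, 8, 2),
              frame(a, b, 8, 3), frame(b, a, 0, 3)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for n, f in enumerate(frames):
        out += struct.pack("<IIII", n, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for src, dst, ident, seq in unanswered_pings(sample_capture()):
        print(f"no reply: {src} -> {dst} id={ident:#x} seq={seq}")
```

A request that appears in the capture with no matching reply shows that the loss is on the return path or at the destination; a request that never appears at all points to a problem before the capture point.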