Wireshark and Cloudshark are invaluable tools for debugging sip and iax issues on your Asterisk server.
Here we have a short Video that goes over the basics of getting a call captured and opened in Cloudshark
we also have a short tutorial for download here in PDF format
First we need to get the packets we want. This is far simpler than its thought. We use a simple command line tool called tcpdump, if its not installed install it now, You wont be able to live without it.
Here we have 2 commands, The first captures packets on interface eth0, -n means we won’t convert addresses, -w means we just capture raw packets and udp means its only the udp packets we want and finally port 5060 means its only the sip messaging we want. In the second we dont specify port 5060 so that we get the rtp stream as well.
/usr/sbin/tcpdump -n -i eth0 -w /tmp/wireshark.pcap -s2000 udp port 5060 /usr/sbin/tcpdump -n -i eth0 -w /tmp/wireshark.pcap -s2000 udp
screen -S "udpDump" -dm tcpdump -n -i eth0 -C 9 -W 15 -w /var/log/asterisk/dumpsip.pcap -s2000 udp port 5060
The command above will write to file in the background and will rotate at 9 meg so suitable for cloudshark
Once you have started the capture and made a call as required you will get a file called for example /tmp/wireshark.pcap copy this to your workstation via ftp or sftp as you would copy any file.