I need to do a packet capture for voice traffic from a couple of VoIP phones from site A to site B. Only one of the sites has a PRI for outgoing calls, so all the traffic for branch offices goes over the WAN. The internal extension dialing has been hit/miss, so I want to do a packet capture on the MX64 as well as the site B MX64. Is it as simple as configuring a packet filter for host 184.108.40.206 at each site to capture that traffic?
You can always filter the traffic with the following rules. Please note that the maximum packet capture duration is 432000 seconds; the capture will stop after 60 seconds, or when 5000 packets have been captured.
host 10.20.30.40 - packets to and from IP address 10.20.30.40
host 10.20.30.40 and port 80 - packets to and from IP address 10.20.30.40 and TCP or UDP port 53 (DNS)
icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply - all ICMP packets that are not echo requests/replies (i.e., not ping packets)
ether host 11:22:33:44:55:66 - packets to and from Ethernet host 11:22:33:44:55:66
It is always preferred to run the packet capture without the dashboard filters and use a Wireshark filter when we want to check inside header values (i.e. caller and calling station ID in RADIUS packets).
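
Added example, not part of the original reply: one way to apply the "capture unfiltered, filter afterwards" advice offline, doing the equivalent of `host 10.20.30.40 and udp` on a saved capture. It goes one step beyond the thread by also listing UDP flows that have no return traffic. It assumes a classic little-endian pcap file with Ethernet framing and IPv4; the second phone address, the ports and all function names are constructed for illustration.

```python
import socket
import struct
from collections import Counter

def build_pcap(frames):
    """Build a classic little-endian pcap (linktype 1 = Ethernet) in memory."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def udp_frame(src, dst, sport, dport, payload=b"\x80" * 12):
    """Constructed Ethernet/IPv4/UDP frame (checksums left at zero)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + udp

def udp_flows_for_host(pcap, host):
    """Count UDP packets per directed flow (src, sport, dst, dport) for one host."""
    flows, off = Counter(), 24                    # skip 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                              # not IPv4 carrying UDP
        ihl = (frame[14] & 0x0F) * 4              # IPv4 header length in bytes
        src = socket.inet_ntoa(frame[26:30])
        dst = socket.inet_ntoa(frame[30:34])
        if host not in (src, dst) or len(frame) < 14 + ihl + 4:
            continue
        sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
        flows[(src, sport, dst, dport)] += 1
    return flows

def one_way_flows(flows):
    """Flows for which no packet was seen in the reverse direction."""
    return [f for f in flows if (f[2], f[3], f[0], f[1]) not in flows]

# Constructed sample capture: PHONE_A is the address used in the filter list,
# PHONE_B and all ports are made up.
PHONE_A, PHONE_B = "10.20.30.40", "10.50.60.70"
SAMPLE = build_pcap(
    [udp_frame(PHONE_A, PHONE_B, 16384, 16386)] * 3
    + [udp_frame(PHONE_B, PHONE_A, 16386, 16384)] * 2
    + [udp_frame(PHONE_A, PHONE_B, 16390, 16392)]   # no reply in the capture
    + [udp_frame("10.9.9.9", PHONE_B, 5060, 5060)]  # unrelated host
)
```

To use it on a real capture, pass the file's bytes (`open(path, "rb").read()`) to `udp_flows_for_host` instead of `SAMPLE`.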