Training Packet Capture Analysis of Voice Networks with Wireshark


Use Wireshark to identify and resolve thorny problems, including Voice, Video and Meeting Networks. Get hands-on experience with numerous scenarios and graded projects to build your skills. Get experience viewing IPv6. 2 weeks / 4 class sessions / 8 PDH.

In-Person Training

On-site training at your location


The course prepares to you to install and configure Wireshark to maximize your effectiveness for VoIP, creating captures, locating calls and associated media, analyzing QoS for audio and video problems, and using Wireshark’s analytics tools to find trouble spots in a busy SIP/IMS VoIP network.

  • Installing and Customizing Wireshark for effective VoIP Analysis
  • Understanding SIP, RTP, Fax, and T.38 DTMF
  • Finding a specific call, SIP transaction, or dialog
  • Matching a SIP call with its matching audio and video
  • Finding SIP error codes
  • Analyzing audio/video quality, and QoS marking
  • Identifying healthy RTP (SSRC, Mark, ptime, Payload Type)
  • Identifying SIP problems with SIP, NAT, DNS, routing
  • Interpreting RTP streams to identify network engineering problems
  • Finding SIP problems with I/O Graph Analysis
  • Extracting an individual VoIP phone call to a separate file
  • Dealing with Packet Duplication
  • Introduction to tshark for Command-Line VoIP Analysis
  • Big-Data Analysis of SIP and media with tshark
  • Building a packet-capture solution for a carrier or enterprise network
  • Wireshark compared with other tools, including Empirix, HOMER, VoIPMonitor, OCOM, RADCOM, and Tektronix


Course Content

Installing Wireshark

Managing Memory on Large Files

Understanding the display, menus, and options

Optimizing Wireshark for SIP and RTP as used in Voice networks

Using display filters with VoIP examples

Advanced Operators

Managing Negation

Applying Display Filters

Harnessing Time Display Format for analysis

Working with Wireshark Documentation

Building complex filter expressions with menus and lookup

Understanding SIP response codes and "failures" that aren't a problem

Understanding and viewing encapsulation with SDP, SIP, UDP, IPv4, and Ethernet

Reading and creating SIP Ladder Diagrams

Viewing and analyzing individual RTP (audio / video) packets 

Analyzing Streams for audio degradation

Understanding possible causes for gaps

Using coloring rules for Audio and Video Analysis

Session Border Controllers and their presence in packet capture

Analyzing Faxing with G.711

Analyzing Faxing with T.38

Understanding DTMF (Touch-Tone) with RFC2833 / RFC4733

Differentiated Services (DiffServ) for Quality of Service (QoS) Engineering

Domain Name System (DNS) Operation and Decoding

Analyzing SIP devices and their DNS use

Firewalls and effects on SIP

Troubleshooting SIP Loss and Retransmission

SIP over TCP

Prioritization, Packet Loss and Audio Degradation

Advanced Aggregated Traffic Analysis on Big Data packet captures

Analyzing SIP operation with I/O Graphs

Identifying Trouble Hotspots

Designing Data Center and System Packet Capture

Priorities for Capturing TLS 

Understanding and Managing Duplicate Packets

Using tshark including pipelines to other tools


ECG recommends basic knowledge of IP networking for students starting this class.

Course Resources

Download Exercises

Key Skills



Custom Filters

I/O Graphs