Wireshark is a network protocol analyzer that captures network traffic and provides tools to analyze that network activity and visualize T.38 FoIP calls. If you've been asked to provide us with something like this, don't despair ... we're only expecting you to collect it, you don't have to do any of the analysis part!


As the root user, enter the following command:
tcpdump -s 0 > filename.pcap
A more elaborate, more selective version of that is:
tcpdump -s 1500 -i eth0 -w filename.pcap
The argument to -i will vary according to your setup. You can discover the name of your network interfaces using the ifconfig command. command. Place your test call, and then hit CTRL-C from the command line to exit the capture. Open the packet capture in Wireshark from any Windows, Linux or Mac OS X machine, the file format is portable. The file can be massively compressed using gzip for emailing or uploading to our support team. See man tcpdump for more information.


Install Wireshark on your Microsoft Windows machine, and open the application. The following procedure is a general example, your specifics may vary.
  1. Determine what network connections (interfaces) you have, and on which interface the T.38 traffic will be seen
  2. Prepare (but to not initiate) a test fax call.
  3. Begin the capture by going to Capture on the menu bar, and then click 'Interfaces'
  4. Click Start on the desired network interface. Wireshark begins capturing network traffic.
  5. Send your test fax, keeping the packet capture running
  6. Click Stop on the Capture menu bar
  7. Save the capture for later use using File, and Save.
If you would like to inspect the capture yourself, you can use a filter of "sip||rtp" to display only SIP and RTP traffic. And to visualize calls, select VoIP Calls from the Telephony menu, choose a call from the list of available calls, and then click on "Flow." To listen to the call, click on the "Player" button. Additional details for using Wireshark to review calls can be found at the link below: http://wiki.wireshark.org/VoIP_calls