This document describes the ideal settings for a packet capture. For information about packet capture limitations and how to capture or download a packet, refer to Working with Packet Capture.
Complete the following steps to implement ideal packet capture settings:
Host IP address
List up to two IP addresses. If possible, use the host IP addresses against termination points that are terminating a single call.
For each IP address entered (Host 1 and Host 2), an additional field displays for setting the direction for the capture.
The Packet Capture feature is intended for short duration packet captures. For that reason, a maximum duration of 120 minutes (2 hours) is permitted.
The packet time-stamps ("Time" field in Wireshark) of media packets in a packet capture may display as large negative numbers that seem incorrect. However, the ordering of the media packets based on packet numbers ("No." field in Wireshark) will be correct.
Also, if you use the "RTP Player" in Wireshark to decode and play the media packets, the incorrect time-stamps may cause noise and/or distortion in the display and audio playback of the media packets. To work around this issue, in the RTP Player of Wireshark, select the "Use RTP timestamp" option and then click Decode.
If you stopped a packet capture and need to restart it, or need to repeat a previous capture to continue investigating a problem, use the Restart Last Capture option on the Packet Capture menu.