Showing results for 
Search instead for 
Did you mean: 
Setsuko Saito
Cisco Employee
Cisco Employee

One of the effective methods for troubleshooting network is to capture packets flowing through a network and to analyze them.

Wireshark (previously called Ethereal) is widely used as a packet capturing tool.

Here we will introduce an application example of Unified Communication (UC) related troubleshooting of Wireshark.
(We omit the description of basic operation of Wireshark as many websites out there explain it)


A Voice Playback Method from RTP Packets


A problem related to the voice quality may occur in the UC network.Various cases of voice quality problem include dead air, one-way audio, sound interruption, large (small) volume, noise occurrence, and distortion of sound. The forensics method and the troubleshooting differ depending on the case.

When an inquiry regarding the voice quality is received, first of all, conduct a detailed interview with the users to grasp what kind of problem is occurring. But the information collected from the interview can be ambiguous as it relies on user's subjective viewpoint and memory. There is a method to analyze RTP packets that is more accurate and objective forensics method.


Now an analysis method of RTP packets using Wireshark will be explained. Note that we assume that the packet capture, which monitored a switch port connected to IP Phone and Voice GW as object of forensics, is already obtained.


1. Open the collected packet capture data in Wireshark.

2. Apply a filter with the terminal information (such as IP Address) of the forensics object to narrow the data to be analyzed.

If a signaling packet (for example, H.323 or SIP) is included in the captured data, Wireshark automatically recognizes and handles UDP packets as RTP packets. In the above example, UDP is not decoded as RTP since the signaling packet is not included.

3. Decode UDP packets as RTP packets

Select a UDP packet of the stream to analyze, and select "Decode As..." by right click.

Select RTP from the "Decode As" window.

This operation changes the display of Protocol from UDP to RTP.

Select "RTP > Show All Streams" from the Telephony menu.

Select the RTP stream of forensics object. Pressing the "Find Reverse" button selects the RTP stream of reverse direction that corresponds.

Press the Analyze button to investigate the statistical information (such as Max delta, Max jitter and Lost RTP Packets) of the RTP packets of the Forward and Reverse direction.

Press the "Save payload..." button to save the voice (payload) of each of the Forward Direction and Reverse Direction individually.

In the above example, the payload is saved in the .au format.

Open the saved voice file in the WAV file editor (such as Audacity) to analyze the voice data.

The WAV file editor function enables the analysis of volume and frequency characteristics.


Thank you for sharing your know-how to help others! The document is well written and easy to understand/use.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links