Capturing traffic for VoIP troubleshooting

When troubleshooting VoIP issues, there are a few ways to get the details needed for both Soft Solutions and our vendors to assist. This will be along the lines of increasing the logging verbosity within 3CX, generating the 3CX support email, or getting a packet capture from a tool such as Wireshark or 3CX’s built in capture system.

For systems not connected to a local PBX (capable of packet capture), or hardware such as Grandstream IP phones, the Wireshark free tool can be used to analyse network traffic.


Why are these needed?

Packet captures show all network UDP and TCP goodness that are talking to one another. Being able to see that conversation on a capture level, allows us to spot what could be malfunctioning and trace it back to the problem source. This could be in the network stack, PBX or the physical phone faulting. Thankfully creating a capture of this traffic is super simple.



First, we need to go to our activity log module from the main 3CX management console.



Next, we need to get our capture running. Check the network interface listed (in this case LAN) is the correct one you would like to capture traffic.



You will be presented with the below popup:



Excellent, you are now capturing traffic. Go ahead and replicate the fault that you are trying to capture the traffic for (stay on the page and leave the pop up, while it captures). It doesn’t hurt to repeat the fault twice either, just to make sure everything is recorded.


After clicking the stop button, you will receive a pop up that has a download link. You can now download the capture, and send it to us at to assist with troubleshooting the fault.




The Grandstream series of IP phones have a couple ways of generating logs and packet captures. By far the easiest, is to use a tool called Wireshark to grab the device’s communication. Now, a quick disclaimer – Wireshark can appear extremely intimidating due to its massive diagnostic feature set. However, it’s just a few easy steps to get the file needed. From the main Wireshark screen, you will see the below picture. The format here is to type “host” followed by a space and then the IP address of the device you are trying to capture traffic from.



Clicking the blue shark fin in the top left of the screen will start the capturing process.


The square stop button can be used after you have replicated your fault a couple of times. After stopping the capture, simply go to File > Save As and save your capture and send it to us at We all knew that wouldn’t be too daunting right? Occasionally email filter software can detect captures as being unfriendly. Before emailing, please put it into a Zip file.


My go to tool is Wireshark

The Wireshark capture tool is a free download and available here or you may have another capture tool that does the same job to grab the important information.



Packet captures are easy to gather and very important in the troubleshooting process. The granularity that a trace/packet capture gives, greatly assists in working out where the fault and issue is on the system. It isolates whether the fault lies in the PBX configuration, network configuration or a faulty device. Wireshark especially, is my go-to for diagnosing VoIP issues and has helped many of our Soft Solutions customers get systems back up quickly.