
Sniffing SIP packet with Wireshark from another PC


I'm trying to sniff SIP packets between two PCs.

The network topology is just like this one (hope you don't mind some Korean). To explain the image: Client A is trying to call Client B through VoIP, and Snipper PC, connected to the same network through a dummy hub, is trying to sniff SIP packets using Wireshark. The call between Client A and B using X-Lite is successful, and on Client A and B the SIP packets can be sniffed with Wireshark, but when I try from another PC that is connected to the same network but not included in the call, Wireshark doesn't show SIP or RTP packets. How can I sniff the SIP packets of the two communicating PCs from another PC?


Solution

  • According to the scheme, clients A and B are connected using L2 switch(es), and the sniffing PC is connected to the same L2 segment via a hub. An L2 switch tries routing packets directly to the destination based on MAC address, so other devices connected to the same L2 switch don't receive a copy of the packet; therefore sniffing fails.

    You can fix this in two ways:

    1. Plug client A or client B directly into the same hub as the sniffing PC.
    2. Set up port mirroring on the L2 switch, explicitly instructing it to forward all necessary packets to the port used by the sniffing PC. In this case, the hub isn't needed.

    There is a detailed tutorial on these and other ways to set up a capture, with very helpful pictures.
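
One way to confirm from the sniffing PC which situation the answer describes, as an added example that is not part of the original answer: it reads a capture and counts unicast frames exchanged between other hosts, which reach the port only through a hub or a mirror port. It assumes the capture was saved in classic little-endian pcap format (not pcapng); the MAC addresses and frames are constructed sample data.

```python
import struct

def read_pcap_frames(data: bytes):
    """Yield raw Ethernet frames from a classic little-endian pcap byte string."""
    if len(data) < 24 or struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    if struct.unpack_from("<I", data, 20)[0] != 1:   # link type 1 = Ethernet
        raise ValueError("not an Ethernet capture")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("<I", data, off + 8)[0]
        yield data[off + 16: off + 16 + incl_len]
        off += 16 + incl_len

def classify(frames, own_mac: bytes):
    """Sort frames by whether a switch would deliver them to this port anyway."""
    counts = {"own": 0, "flooded": 0, "foreign_unicast": 0}
    for f in frames:
        if len(f) < 14:
            continue                      # truncated, no full Ethernet header
        dst, src = f[0:6], f[6:12]
        if own_mac in (dst, src):
            counts["own"] += 1            # traffic to or from the sniffing PC
        elif dst[0] & 1:
            counts["flooded"] += 1        # broadcast/multicast: sent to every port
        else:
            counts["foreign_unicast"] += 1  # only visible via hub or mirror port
    return counts

# --- constructed sample data (MACs and frames are made up) ---
A, B, SNIFFER = (bytes.fromhex("0200000000" + x) for x in ("0a", "0b", "05"))
BCAST = b"\xff" * 6

def _frame(dst, src):
    return dst + src + b"\x08\x00" + bytes(46)

def _pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

SWITCHED = _pcap([_frame(BCAST, A), _frame(A, SNIFFER), _frame(SNIFFER, A)])
MIRRORED = _pcap([_frame(BCAST, A), _frame(B, A), _frame(A, B), _frame(A, SNIFFER)])

if __name__ == "__main__":
    for name, cap in (("switched port", SWITCHED), ("mirror/hub port", MIRRORED)):
        print(name, classify(read_pcap_frames(cap), SNIFFER))
```

A few foreign unicast frames can still show up on an unmirrored port while the switch floods traffic for a MAC address it has not learned yet, so judge by volume rather than by a single frame.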