packet capture guide

PCAP Troubleshooting Checklist

A packet capture is strongest when you know what question you are asking. Start with time, direction, protocol, and the closest capture point to the reported issue.

Start With Scope

Confirm the capture time overlaps the problem.
Identify client, server, PBX, SBC, or gateway addresses.
Check whether the capture point can see both directions.
Filter down before drawing conclusions.

For SIP And RTP

Read the SIP ladder before judging media.
Check SDP connection addresses and ports.
Compare RTP packet counts in both directions.
Review sequence gaps, jitter, duplicates, and out-of-order packets.

For DNS And TCP

Look for DNS response codes and answer records.
Check TCP handshakes, resets, and retransmissions.
Separate server delay from network packet loss.

Troubleshooting Route

Use this guide as the field note, then move through the matching tools to gather evidence.

1 PCAP Splitter Split a local PCAP or PCAPNG into one SIP signaling PCAP per Call-ID for focused call review.
2 SIP Call Flow Analyzer Analyze SIP call flow from a PCAP with call grouping, ladder arrows, failure clues, timing gaps, codecs, and message details.
3 RTP Health Analyzer Compare RTP streams in a PCAP for source and destination, codec, SSRC, packet count, packet loss, jitter, gaps, and VoIP audio quality clues.
4 PCAP To WAV Extractor Extract G.711 RTP audio from a PCAP into a WAV file for call review.
5 DNS Lookup Tool Look up DNS A, AAAA, CNAME, MX, TXT, NS, SOA, SRV, and CAA records.

Related Glossary Terms

PCAP RTP SIP SDP Jitter Packet Loss

Open tools panel