How to use Wireshark (in Windows) and capture SIP+RTP traces

Especially when working from home, agents sometimes experience issues with their phone calls. This might be audio quality issues or calls breaking up for instance. Sometimes the reason therefore is simply a bad internet connection. However, in other cases the problem can be solved by changing the router settings or other. To identify the root cause of the issue, babelforce needs to analyze the SIP and RTP traces of one of the agent's flawed phone calls. In this article we want to explain how you can capture the traces to send them to babelforce and have them analyzed.

1. Install Wireshark

Firstly, we need to install a tool that is able to capture SIP and RTP traces. Wireshark is a free and open source backend analyzer which is used inter alia for network troubleshooting. Therefore, head over to and select your operating system. Let's go through the installation taking Windows as an example. If you already have Wireshark installed on your computer, you can direktly continue with the second part of this article


After clicking on "Windows Installer (64-bit), the download starts automatically. When finished, open the executable file by clicking on the blue button on the top right corner of your browser (firefox) or at the file shown on the bottom left corner (Chrome) to start the Installation.


Allow this app to make changes on your computer when the user account control info pops up. Click "Next" and agree to the terms of agreement.

Also, click on "next" when the components for the installation are shown and leave the additional tasks as default:










Choose your destination folder and click on "next"


Leave "Install Npcap" checked and "Install USBPcap" unchecked. Click "Install"






Once the Agreement for Npcap pops up, click on "I agree"


Leave the Npcap options as default and click on "Install"


Once the installtion has been completed successfully, click on "Next", then on "Finish".

Great, you are now ready to use Wireshark.

2. Capture your SIP and RTP traces

In your system's search bar, seach for Wireshark to open the programme. Then, choose the connection you are using. In my case, this is "WLAN". Doubleclick on that.


Immediately, you will see a window poping up which already captures some traces. It should look something like this:


The information captured here is TCP. However, we would like to capture RTP and SIP. Once a call is connected, Wireshark will capture SIP and RTP traces, though. They will look similar to this.


For now, don't worry about the traces and leave them running in the background. Once you experienced the issue you want to report to babelfoce, stop the traces by clicking on the small red squared button.

Great, now the only thing left to do is saving these traces and sending them to babelforce. However, as you don't want to send all your traces, but only SIP and RTP, you will have to use a display filter. Therefore, type "sip||rtp" into the filter field and click on the small arrow on the right:


There is only one last step missing now. Click on "File" in the top left corner and select "Export specified packets..." from the drop down menu:


Give it a name and save the file as a ".pcapng" file.

Great you're done! Now you can send your SIP and RTP traces to support@babelforce. Please remember to also name the time and date as well as "from" and "to" number of your flawed call.



Have more questions? Submit a request