I recently encountered a situation where I needed to troubleshoot SIP calls passing through a Cisco router (CUBE) and wanted a convenient way to capture and view the stream.

To accomplish this, you will require:

1. Command Line Interface (CLI) access to the router.

2. Wireshark installed on your personal computer.

3. A tftp server installed on your personal computer (I utilized tftpd from tftpd32).

Follow these steps:

1. Log into the router and create the capture policy:

ip traffic-export profile <name> mode capture bidirectional

2. Assign the capture profile to the interface:

<interface <interface>

  ip traffic-export apply <name> size 20000000

3. Clear any existing data and initiate the export:

traffic-export interface <interface> clear

traffic-export interface <interface> start

4. Test your application (or in my case, a SIP call).

5. Once the test is finished, stop the export:

traffic-export interface <interface> stop

6. Export the captured traffic to your personal computer via tftp:

traffic-export interface <interface> copy tftp:

7. Use Wireshark to open the file, and then navigate to "Telephony" at the top and select "VoIP Calls" to analyze the SIP traffic.

Additionally, if you wish to send your logs (for debugging purposes) to your personal computer via tftp, use the following command:

show logging | redirect tftp://tftpserver/destinationfilename| redirect tftp://tftpserver/destinationfilename

If you need Cisco Routers, or need more information, welcome write to: [email protected]