Creating SIP PCAP log files

PCAP (packet capture) is an open API designed to log network data. These data can then be read by network analysis tools (e.g. Wireshark) providing powerful system-independent options for display and analysis. estos UCServer allows you to collect SIP softphone signaling network data in PCAP files.
Since PCAP log files are created in estos UCServer, it is not necessary to install the Wireshark Win-pcap option (driver for recording on network interface cards). In addition, TLS-encrypted SIP messages can only be written to UCServer in readable form, since UCServer saves these messages in unencrypted form.

Configuration
Configuration takes place using the properties of the Line Group. The "PCAP Log" tab allows you to select either all lines in that group, or specific lines.
If a PCAP log is active, a blue "status icon" is displayed for this line group.

Check of PCAP log files
The name of the log file begins with sipav_[date_time] and ends with .pcapng. The generated file is processed according to the settings in Event with regard to directory, log file size and overwrite option ("Archive Old Logs"). The buttons "Delete log files" and "Collect log files" also work on the PCAP log files.

Analysis of PCAP log files
You can use the Wireshark analytical tool to display, filter and analyze any PCAP log files which were created. The tool provides extensive filtering options, including the tracking of specific calls as well as a graphical display of flowcharts.

Line group status
The status of the Line Group is displayed with a color icon only when PCAP log has been activated.

Icon	Statement
	Line group is PCAP log activated.