Back to Blog
Tech

PCAP made it

Published on:

July 21, 2015

Once we have the PCAP, finding a problem is becoming almost a pleasure. Because the files are small, and everything is in the same place. It becomes easy to find jitter problems, missing RTP packets and so on. Last week I saw how another external tool took the PCAP idea to the next level. Using an Ethernet switch with port mirroring, all the traffic that hits the PBX also hits the monitoring server, which also sorts the traffic by calls and then puts them into different files. There were nice logs of SIP packets, RTP analysis and other things you want to know about a call.

Hamlet Collado

A few years ago, we have added PCAP recording to the list of features supported by the Vodia PBX. At that time we were just so sick of going through Gigabytes of Wireshark traces that we just added something in the code that does this job based on the associated call. It would save us a lot of time sipping through endless lists of calls that have been recorded over hours of conversations, literally trying to find the needle in the haystack.

Once we have the PCAP, finding a problem is becoming almost a pleasure. Because the files are small, and everything is in the same place. It becomes easy to find jitter problems, missing RTP packets and so on. Last week I saw how another external tool took the PCAP idea to the next level. Using an Ethernet switch with port mirroring, all the traffic that hits the PBX also hits the monitoring server, which also sorts the traffic by calls and then puts them into different files. There were nice logs of SIP packets, RTP analysis and other things you want to know about a call.

There is only one problem when using the port mirror method: Encrypted calls will be invisible there. Because the TLS traffic cannot be intercepted by the monitoring device, it will not be able to figure out which RTP packets belong to which call, and thus not be able to put the whole call together. The PBX can do that, because it has the cryptographic context.

The disadvantage of the PBX recording all the PCAP is performance. It simply takes additional CPU horse power to write the files. The decoding is not so much a problem as it has to be done anyway. But the writing to the file system causes the system some extra work. Compared to the call recording this causes less work, because the PBX does not actually have to look into the media packets.

I can think about two things that the PBX could have in the next version. The first thing is to automatically delete the PCAP files after so-and-so many days, simply to make sure that the system is not eventually running out of disk space. The other thing is to make the PCAP files accessible from the web interface, possibly linked to the CDR records.

Latest Articles

View All
Editorial

Start 2026 with a cloud PBX built for real-world deployments

A flexible, cloud-neutral PBX built for real-world deployments in 2026, Vodia supports MSPs, enterprises, and service providers with an open, SIP-compliant platform designed for scale. With Vodia PBX version 70 arriving in Q1 2026, the platform brings multi-tenant hosting, reuse of existing IP phones through centralized provisioning, built-in WebRTC softphones, transparent licensing, and partner-driven support, giving organizations full control over modern business telephony without lock-in or hidden costs.

January 13, 2026
Webinar

Seamless Compatibility: Htek and Vodia Joint Webinar - Recording Now Available

The recording of the Htek and Vodia joint webinar “Seamless Compatibility” is now available, showcasing how the Vodia PBX integrates with Htek’s UCV(Pro) and UC900 series IP phones. The session highlights zero-touch provisioning, real-world deployment examples, and practical use cases for education and hospitality, illustrating how the combined solution delivers a reliable and future-ready communications setup for businesses of all sizes.

January 7, 2026
Announcement

Vodia in 2025: Reflections and What’s Next

Vodia’s 2025 marked a year of pragmatic AI adoption, unprecedented platform robustness, and laying the foundation for the next phase of the PBX. With version 69 reaching exceptional stability, focus has shifted to version 70, which introduces a redesigned admin interface and major architectural improvements in scalability, resilience, and flexibility. Alongside steady expansion of integrations and partner tooling, the roadmap for 2026 emphasizes refined user experiences, modernized apps, and continued investment in reliability over hype.

December 23, 2025