Capture Skype VoIP Call Packets On Your Windows XP Computer Using Wireshark
There are various reasons why you may want to log the incoming packets for your Skype messaging client. You can log both calls and instant messages made via your Skype client using Wireshark. Wireshark is a free utility that can be used to log any traffic on your computer.
Turn Off Skype Alternative Port Connections:
To capture all of the Skype packets, first turn off the alternative ports in Skype by following the directions below.
- Skype Options: Open the Skype client, click Tools in the top navigation, and then select Options from the drop down menu.
- Skype Connections: Now click on the Advanced button in the bottom left of the Skype Options configuration window. This will expand and display three other items to click on including Advanced Settings, Connection, and Hotkeys. Click on the Connections link to display the Skype Connections configuration window.
- Modify Alternative Ports: By default Skype is configured to use port 80 (HTTP) and port 443 (HTTPS) as alternative ports, in case there is a firewall between your computer and the Internet that does not allow ports outside of a certain range. In the Skype Connections configuration window, remove the check from the checkbox titled “Use port 80 and 443 as alternatives for all incoming connections” as shown in the image below.
- Save & Restart Skype: Click the Save button in the bottom right of the configuration window to save the options. You will need to restart Skype for the new options to start working.
Now that you have configured Skype to use only the port specified in the Skype Connection configuration window, you know that all incoming traffic will be using this port. By default the port is 45000, so we will be using that port to capture the incoming traffic.
Open Wireshark and follow the directions below to capture the Skype packets, which can then be saved to a file and analyzed later.
Configure Wireshark To Capture Skype Incoming Packets:
- Open Wireshark: Click on Wireshark to launch the application which will display as shown below.
- Modify Capture Options: Now that the application is running, we are going to modify the capture options to log only incoming or outbound traffic using port 45000. Click on Capture in the top navigation menu and select Options from the drop down menu. First make sure that the correct interface is selected, which in most cases is going to be the Ethernet port where you are plugged into your network. Next enter “port 45000” in the Capture Filter field as shown below.
- Start Capture: Click the Start button at the bottom of the Capture Options window to begin capturing packets. If Skype is not running, you should not see any packets being captured, but once you start Skype you will start to see packets being logged in the Wireshark interface. Below is an example of what the packet capture will look like in the Wireshark interface.
- Stop & Save Capture: Once you have logged all of the packets you want to investigate, stop the Wireshark packet capture by clicking Capture in the top menu and selecting Stop from the drop down. After the capture has been stopped, you can save the packets by clicking on File in the top navigation menu and selecting “Save As” from the drop down. Just select a name and location for the file.
That is all you have to do. It may take a while to understand the contents of each packet, but once you do, Wireshark is a very valuable tool for troubleshooting not only Skype issues but also any other applications that send and receive network traffic from your computer.
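As an added example (not part of the original article), the Python script below reads a capture saved in the "Stop & Save Capture" step and counts its packets by protocol and by whether port 45000 is the destination or the source, which confirms that the capture filter held. It assumes the file was saved in classic libpcap format from an Ethernet interface and carries IPv4; the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

SKYPE_PORT = 45000  # default Skype port named in the article
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # byte order of the file
PROTOS = {6: "tcp", 17: "udp"}

def classify(frame, port):
    """Return (protocol, role of `port`) for one Ethernet II frame."""
    # 14-byte Ethernet header, EtherType 0x0800 = IPv4, then at least 20 bytes of IP.
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return ("other", "n/a")
    proto = PROTOS.get(frame[23], "other")
    if struct.unpack("!H", frame[20:22])[0] & 0x1FFF:
        return (proto, "fragment")  # later IP fragments carry no port numbers
    start = 14 + (frame[14] & 0x0F) * 4  # IP header length comes from the IHL field
    if proto == "other" or len(frame) < start + 4:
        return (proto, "n/a")
    sport, dport = struct.unpack("!HH", frame[start:start + 4])
    if dport == port:
        return (proto, "to_port")
    return (proto, "from_port" if sport == port else "unfiltered")

def summarize(pcap, port=SKYPE_PORT):
    """Count the packets of a classic libpcap capture by (protocol, role of port)."""
    order = MAGIC.get(pcap[:4])
    if order is None:
        raise ValueError("not a classic libpcap file (pcapng is not handled)")
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    counts, off = Counter(), 24  # packet records follow the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        counts[classify(pcap[off + 16:off + 16 + incl_len], port)] += 1
        off += 16 + incl_len
    return counts

def sample_capture():
    """Constructed sample input (not real traffic): three Ethernet/IPv4 frames."""
    def rec(proto, sport, dport):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
        frame = b"\0" * 12 + b"\x08\x00" + ip + struct.pack("!HHI", sport, dport, 0)
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return head + rec(17, 51000, 45000) + rec(17, 45000, 51000) + rec(6, 51001, 45000)

if __name__ == "__main__":
    print(summarize(sample_capture()))
```

To run it on a real file, pass the file's bytes to `summarize`, for example `summarize(open(path, "rb").read())`. On a capture taken with the “port 45000” filter every packet should fall under `to_port` or `from_port`; any other bucket means the file was captured with a different filter.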