Wireshark – Network protocol analyzer tool

In some cases, software behavior cannot be fully analyzed without inspecting network-level communication.

Wireshark is a free network protocol analyzer that allows you to capture and review data exchanged through network interface cards (NICs). It is commonly used to diagnose communication issues between SmartPTT and MOTOTRBO components and third-party systems.

When to get

Wireshark captures are required when it is necessary to analyze network communication, packet flow, delays, or connection problems.

A capture can be requested by the SmartPTT technical support team or developers.
Be advised that uncontrolled captures may miss required data or generate unnecessarily large files.

Where to get

Wireshark can be downloaded from the official website:
https://www.wireshark.org/#download

Download the latest stable release for your Windows version (32-bit or 64-bit).

How to use

  1. Install Wireshark and launch the application from the Desktop or Start Menu.
  2. In the main window, click Capture Options.
  3. Select the network interface(s) to capture traffic from:

    • If you know which interface is used by SmartPTT (for example, Ethernet or a specific VPN adapter), select it.
    • If you are unsure, select all available interfaces.

  4. Click Start to begin capturing traffic.
  5. While the capture is running, reproduce the issue or behavior that needs investigation.
  6. Once the issue has been successfully reproduced, stop the capture by clicking the red Stop button in the upper-left corner of the window.
  7. Save the capture file using the Save button next to the Stop button.

The resulting file contains the recorded network traffic and will have a .pcapng extension.

Tips and tricks

If the capture file size exceeds common email limits (usually ~10 MB), upload it to an online file storage service such as:

  • Google Drive
  • OneDrive
  • Dropbox
  • or any other preferred cloud storage

Always provide a short description of what was happening during the capture:

  • What action was performed
  • What issue was observed
  • Approximate time when the issue occurred

Keep captures focused:

  • Do not perform multiple tests within a single capture.
  • Multiple scenarios in one file make issues harder to localize and make analysis difficult and time-consuming.

If the SmartPTT support team has provided specific capture instructions (filters, interfaces, timing, or scenarios), follow them carefully. These recommendations are intended to maximize the usefulness of the capture.

Continuous capture (ring buffer mode)

In some scenarios, an issue occurs unpredictably or only after prolonged system operation. In such cases, it is recommended to use continuous capture with file rotation (also known as ring buffer mode).

This method allows Wireshark to capture traffic continuously while automatically splitting it into multiple files of limited size or duration. Once the configured limit is reached, the oldest files are overwritten. This ensures disk space is controlled while preserving the most recent network activity before and after an incident.

Typical use cases include:

  • Intermittent or random disconnections
  • Sporadic audio dropouts
  • Radioserver or dispatcher reconnects without a clear trigger
  • Issues that cannot be reproduced on demand

How to configure a capture loop

  1. Open Wireshark and click Capture → Options… (or press Ctrl+K).
  2. Select the required Interface(s):

    • Choose the interface used by SmartPTT traffic (Ethernet, VPN adapter, etc.).
    • If unsure, multiple interfaces may be selected.

  3. In the Output section:

    • Enable Use multiple files.
    • Enable Ring buffer with.

    Configure capture limits:

    • File size (for example, 20 MB), or
    • File duration (for example, 5–10 minutes).

  4. Set Maximum number of files to retain (for example, 10–20).
  5. Click Start to begin continuous capture.
  6. Leave the capture running until the issue occurs.
  7. After the issue is observed, click the red Stop button to stop capturing.

Wireshark will automatically keep only the most recent files, which typically include traffic immediately before, during, and after the incident.
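
The same ring buffer can be run without the Wireshark window by using dumpcap, the command-line capture tool installed with Wireshark. The script below is an added example, not part of the original SmartPTT instructions; the install path, output folder, file name, and interface number are assumptions to adjust for your system.

```powershell
# Added example: command-line equivalent of the ring buffer settings above.
$Dumpcap    = 'C:\Program Files\Wireshark\dumpcap.exe'  # assumed default install path
$OutDir     = 'C:\Captures'                             # hypothetical output folder
$Interface  = '1'   # assumed; use the number or name listed by: & $Dumpcap -D
$FileSizeMB = 20    # per-file size limit (20 MB, as in the example above)
$MaxFiles   = 10    # number of files kept in the ring (10-20 in the example above)

if (-not (Test-Path -LiteralPath $Dumpcap)) {
    throw "dumpcap.exe not found at $Dumpcap"
}
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Worst-case disk usage of the ring is file size x file count.
# Refuse to start if the target drive cannot hold it.
$budgetBytes = [int64]$FileSizeMB * 1MB * $MaxFiles
$drive = (Get-Item -LiteralPath $OutDir).PSDrive
if ($drive.Free -lt $budgetBytes) {
    throw "Need $([math]::Round($budgetBytes / 1MB)) MB free on drive $($drive.Name) for the ring buffer"
}

# -b filesize is given in kB; -b files sets how many files the ring retains
# before the oldest one is overwritten.
$dumpcapArgs = @(
    '-i', $Interface,
    '-b', "filesize:$($FileSizeMB * 1024)",
    '-b', "files:$MaxFiles",
    '-w', (Join-Path $OutDir 'smartptt.pcapng')   # hypothetical base file name
)
Write-Host "Ring buffer: $MaxFiles files x $FileSizeMB MB. Press Ctrl+C after the issue occurs."
& $Dumpcap @dumpcapArgs
```

To rotate by time instead of size, replace the `filesize` entry with `duration:600` (seconds, here 10 minutes).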
