Before any configuration can be set the system needs to be tested to ensure that the monitor NIC has been setup correctly and is capturing the SIP trunk voice traffic. This can be performed using a network protocol analyzer such as the free and open source Wireshark (http://www.wireshark.org/).

The following steps show how to use Wireshark to perform the validation, this was performed using Wireshark v1.8.3, steps may vary with other versions.

Once installed, from the Capture menu select Interfaces and then check the box next to the NIC card listed that is performing the capture. In this example the second NIC listed ("Intel (R) PRO/1000 PL Network Connection") is performing the capture, whereas the first NIC is the main connection to the LAN.

Click on Start and this will begin to show all of the network traffic that is been captured. To filter the traffic to only SIP calls and RTP traffic, enter "sip|| rtp" into the Filter box and click on Apply.

Make an inbound test call and the SIP & RTP traffic should start to be displayed in window as shown. If nothing is shown then either the wrong NIC has been selected or the port mirroring configuration is not correct.

Once the capture has been successful then select Stop from the Capture menu. Then from the Telephony menu select VoIP Calls, after a few seconds there should be a SIP call shown. There may be multiple calls depending on how many calls have been captured.

Select one of the calls, click on Player then Decode and the timeline for this call is shown. You should see only two timelines, one for the inbound and one for the outbound legs of the call.

If this matches then the port mirror configuration is correct. Take a note of the device that has been configured as this will be needed when configuring the mirror ports within the call recorder. In this example the device is "NPF_{4FB2EFF0-213D-4747-902E-742DC6512322".