Plantronics + Polycom. Now together as Poly Logo

[FAQ] How can I capture the network traffic of the phone remotely?

Polycom Employee & Community Manager

[FAQ] How can I capture the network traffic of the phone remotely?

UCS 5.1.1 officially added a remote packet capture option to the phone in order to troubleshoot issue and provide wireshark traces if required.


<capture diags.pcap.enabled="1"  diags.pcap.remote.enabled="1" />


Above Parameters activate the feature on the Phone. 


The UCS 5.1.0 Admin Guide describes this on page 170 in the Remote Packet Capture for Logs section.


  • To start using this feature please download Wireshark from => here <=

  • Start Wireshark after the installation and select the Capture Interface Options


  • Manage Interfaces => Remote Interfaces => Add


  • IP Address of the phone
    Port 2002
    Username: Polycom
    Password: MAC Address of the phone in lower case and no colon ( : )


  • Once OK is pressed the interface should show up


  • Leave this menu via cancel

  • You are then able to select this new Interface


  • If an error message in regards the Buffer appears please click on OK


VLAN or additional Network Interfaces:




In the above photo the Phone uses a VLAN 242 but on a Trio as an example the WiFi interface can be displayed and selected.


Additional Settings


In addition to the above Wireshark can also be configured to capture a rolling trace with options to set a duration or a certain file size or the amount of files to be captured.


  • Capture > Options > Output


    Filename: Testfile.pcap or Testfile.pcapng

    The above will create 100MB files up until Wireshark is stopped

    Ticking "Use a ring buffer with" Files can be used if the Trace should run for a certain duration i.e. an issue is reproduced but a "rolling" Trace should capture the issue. Make this a larger number so the event is not missed.

  • Capture > Options > Options


    The above allows to specify the amount of files that should be created until the Trace is being stopped automatically

  • Capture > Options > Input > Capture filter for selected interfaces


    The above is usually selected to ensure only the traffic of a certain device is captured

    Capture Range of Devices

    Example: (ether [0:4] & 0xffffff00 = 0x0004F200) or (ether [0:4] & 0xffffff00 = 0x64167F00) 

    The above will only capture data from a Polycom MAC Range 0004F2 or 64167F which covers usually the Polycom Phone Range.

  • VLAN's

    Traditionally Windows PC's do not capture the VLAN Tag to show in Wireshark
    This must be enabled via a Registry entry:





Settings > Logging > Module Log Level Limits > Packet Capture > Event 1


0814203258|pcap |3|00|Successful RPCAP authentication
0814203259|pcap |3|00|Received RPCAP_MSG_OPEN_REQ
0814203259|pcap |3|00|Received RPCAP_MSG_STARTCAP_REQ
0814203259|pcap |3|00|Foreground Start event in Idle state
0814203259|pcap |1|00|RPCAP filter intruction: code=0x6 jf=0 jt=0 k=0x40000
0814203259|pcap |0|00|RPCAP data thread started
0814203259|pcap |3|00|Received RPCAP_MSG_UPDATEFILTER_REQ
0814203259|pcap |1|00|RPCAP filter intruction: code=0x28 jf=0 jt=0 k=0xc


Wireshark Error Message "Can't get list of Interfaces":


Using the functionality may cause this error


To resolve this use Explorer and browse to


and delete “recent” and “Recent_common


Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 1 of 1