Juniper srx – packet capture

This is how to do a packet capture on a Juniper SRX device. The capture file is written to /var/tmp on the device and can then be retrieved with FTP or SCP.

For example:

172.25.104.10 – the IP address of the phone system
10.150.11.62 and 10.150.11.60 – VoIP handsets

# Configure the capture file (absolute set commands so they can be pasted
# from the top of configuration mode; mixing 'edit forwarding-options
# packet-capture' with the absolute 'set firewall ...' lines below only
# works if you return to the top of the hierarchy in between)
set forwarding-options packet-capture file filename voip-pcap-test
set forwarding-options packet-capture maximum-capture-size 1500

# Firewall filter: 'sample' hands matching packets to the packet-capture
# process, 'accept' keeps them flowing. Several from addresses in one term
# are ORed, so term 1 is phone system -> either handset and term 2 is the
# reverse direction
set firewall filter PCAP term 1 from source-address 172.25.104.10
set firewall filter PCAP term 1 from destination-address 10.150.11.62
set firewall filter PCAP term 1 from destination-address 10.150.11.60
set firewall filter PCAP term 1 then sample
set firewall filter PCAP term 1 then accept
set firewall filter PCAP term 2 from source-address 10.150.11.62
set firewall filter PCAP term 2 from source-address 10.150.11.60
set firewall filter PCAP term 2 from destination-address 172.25.104.10
set firewall filter PCAP term 2 then sample
set firewall filter PCAP term 2 then accept
# A Junos filter discards anything that no term accepts, so this final term
# is required; without it every other packet on the interface is dropped
# the moment the filter is committed
set firewall filter PCAP term allow-all-else then accept

# Apply the filter in both directions on the interface facing the phone
# system. The physical name takes no ".0" suffix when 'unit 0' is given
set interfaces ge-5/0/9 unit 0 family inet filter input PCAP
set interfaces ge-5/0/9 unit 0 family inet filter output PCAP
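The configuration above only takes effect on commit, and the capture keeps running until it is switched off. The session below is an added example of the full operational round trip (commit, check, stop, retrieve, clean up) and is not part of the original post; the SCP destination 10.0.0.5, the user name "analyst" and the "[edit]" prompt are assumptions, and the exact capture file name should be read from the `file list` output rather than typed from memory.

```junos
# Added example, not from the original post. Prompt, SCP host 10.0.0.5 and
# user "analyst" are assumed; the filter and interface names are the ones
# configured above.

[edit]
user@srx# commit comment "enable VoIP packet capture on ge-5/0/9"

# Junos writes one capture file per sampled interface under /var/tmp, named
# after the configured filename. Generate some traffic (place a call), then
# confirm the file exists and is growing.
user@srx# run file list detail /var/tmp/

# Stop sampling as soon as you have what you need. The packet-capture stanza
# can be deactivated without touching the filter, so it is easy to re-enable.
user@srx# deactivate forwarding-options packet-capture
user@srx# commit

# Pull the file off the box from the device side (ftp:// works the same way).
# Substitute the exact file name shown by 'file list' above.
user@srx# run file copy /var/tmp/<capture-file-from-listing> scp://analyst@10.0.0.5/tmp/

# When the investigation is finished, remove the filter and capture config so
# transit traffic is no longer being sampled and written to local disk.
user@srx# delete interfaces ge-5/0/9 unit 0 family inet filter
user@srx# delete firewall filter PCAP
user@srx# delete forwarding-options packet-capture
user@srx# commit comment "remove VoIP packet capture"
```

Deactivating rather than deleting is the safer first step if you may need a second capture; the final delete is what actually stops the interface from carrying a filter at all.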

The capture is written in libpcap format and opens in Wireshark as usual. Note that this firewall-filter 'sample' method is a branch SRX feature; the high-end SRX chassis platforms use datapath-debug for packet capture instead.
