Wireshark

Wireshark does not show outgoing traffic. What's wrong?

Hello everyone, guys. The situation is as follows:
1. Lan 192.168.*.*/24 (sip + computers sit in it) - separated only by ip range
2. win serv 2008 r2 - kerio transparent external interface + lan + vpn (virtual kerio connection with another office)
the scheme is such that all equipment hangs on 2 switches (sip and computers) are connected by a trunk port, and then in kerio - well, from there to the world.
Now, recently, glitches with telephony have begun (not always, but there is a place to be) - a conversation is pouring in - it is impossible to distinguish between speech. Now I want to look at the whole thing through wireshark - it turns out:
1. I start wireshark on the external interface of Kerio (with the filter ip.addr == "ip addresses of the telephony provider". As a result, in the dump I see only incoming outgoing traffic, although there are no calls from the office to this time is.
2. It is interesting that the dump shows not my external interface, but the local (no matter the sender or recipient) of the employee from where or where the packets go, and the provider's ip is normal (external, of course).
Help me figure out what's wrong.