Wireshark-dev: Re: [Wireshark-dev] Should payload dissectors' (RTP) packets depend on call-setu

From: Andreas Sikkema <h323@xxxxxxxxxx>
Date: Sat, 02 Jun 2012 13:25:39 +0200
On 6/1/12 22:42 , Gerald Combs wrote:
> On 6/1/12 1:15 PM, Jeff Morriss wrote:
>> Though I am nervous about this whole packet-dependency thing causing
>> users to say "I filtered on RTP and you saved my SIP too!"
> 
> A few months ago I talked to someone who complained that Wireshark
> *didn't* do that. In his case it would've been useful to see related
> ARPs when filtering down to a TCP stream.
> 

Yes, but where does one stop going down that route? For RTP initiated by
SIP one might want to be able to save the related SIP messages. For RTP
initiated by H.323 it already needs H.225 and H.245; for some of the
UMTS/3G protocols there's probably loads more involved. If you want
context for a call, IMHO it is up to the user to provide the context
using capture/display filters. Not all context can be provided by
conversations.

Providing some information about heuristic/"decode as" frames I can see
as being useful. That would be along the path of least surprise.


-- 
Andreas Sikkema