I'm using Ubuntu Jaunty.
I installed Wireshark from official package by the "apt-get' command, and it set up Wireshark 1.0.7 on my computer.
I had some issues with capture filters with this version (I'll develop the issue below).
That's why I thought it was a 1.0.7 bug, and I downloaded 1.2.2 version from this site: http://linux.softpedia.com/get/Internet/HTTP-WWW-/Ethereal-1961.shtml
I moved files in my computer -> /opt/
I red the INSTALL file and did the following:
I had some problems because there was missing libraries, like flex, bison or libgtk2.0-dev, but I installed all these libraries, I did a make, and compiled Wireshark 1.2.2
I launched it, it was working, but I had the same issue than in 1.0.7
So, it's not a bug!!! :)
I'm trying to capture SIP traffic
If I launch a capture without any filters, I can see some SIP packets in the network: REGISTER, 401 UNAUTHORIZED, 200OK...
all these SIP messages are working with UDP and port 5060 (for source AND destination)
If I launch with a capture filter (I tried a lot of filters: udp, port 5060, src port 5060, udp port 5060, host xxx.xxx.xxx.xxx, ...) I cannot see REGISTERs (or all sip requests in general) anymore for all these filters.
Iím able to see these packets without filter... Why canít I see them with th filter?
Some friend told me it's a libpcap problem. The libpcap version in my computer is 1.0.0-1 (almost the last one)
What's going on??? I really don't understand.
I had some capture filters for wireshark under Windows XP, I put the same filters for Wireshark under Ubuntu (for 2 Wireshark versions) and it doesn't work...
It's really strange.
If someone has a solution, it would be a salvation for me.
Thanks in advance