Wireshark-users: Re: [Wireshark-users] One IP-Port pair missing in the pcap file

From: "Robert D. Scott" <robert@xxxxxxx>
Date: Wed, 24 Mar 2010 12:06:15 -0400
It looks like your session initiation is encrypted (beginning at Frame 406),
immediately after the DNS query for voipb.sip.yahoo.com (Frames 397 - 398) with
answers in Frames 403 - 405. You will not be able to decrypt any of the
setup exchange. :(

Robert D. Scott                 Robert@xxxxxxx
Senior Network Engineer         352-273-0113 Phone
CNS - Network Services          352-392-2061 CNS Phone Tree
University of Florida           352-392-9440 FAX
Florida Lambda Rail             352-294-3571 FLR NOC
Gainesville, FL  32611          321-663-0421 Cell


-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of vishal borkar
Sent: Wednesday, March 24, 2010 1:28 AM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] One IP-Port pair missing in the pcap file

Hello all,
I recently captured a Yahoo voice communication between my machine and a
friend.
What I observed was that when I opened the file in a text editor, I could not
find the port and the IP of my system on which the actual communication took
place.
FYI, my IP (on which the UDP data travelled): 192.168.0.230, port (on which
the UDP data travelled): 22308

However, I can clearly see the communication happening on this IP-port pair
when I open the file in Wireshark.
Can anyone tell me why this is happening?
What I mean is, aren't the SIP packets supposed to carry this information?
Since they are not carrying this information, how is the communication
taking place?
I am attaching the file for your reference.

Thanks in advance,
Vishal