Wireshark · Ethereal-dev: Re: [Ethereal-dev] Display filter problem

Ethereal-dev: Re: [Ethereal-dev] Display filter problem

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Wed, 24 Sep 2003 17:57:33 -0700


On Sep 24, 2003, at 8:48 AM, Vaidya, Vivek wrote:

I have a big ethereal trace file which contains trace of lot of SIPcalls. Iwanted to see trace of one particular SIP call. So I tried to usedisplay
filter:

 eg. sip.Call-ID == "[email protected]" || sip.Call-ID ==
"8695144601-5806993502145601-11"
But it displayed packets coming in from the Softswitch to the SIPendpoints,
but not in the reverse direction.

Would you please let me know what is the problem?

The problem is probably that the packets going in the reverse directiondon't have data in them that Ethereal dissects as "call ID" fields withthose values.

We'd probably have to see a capture file with one of the packets that*should* have been matched by the filter, but *wasn't* matched by thefilter, in order to see why that's happening.

References:
- [Ethereal-dev] Display filter problem
  - From: Vaidya, Vivek

Prev by Date: Re: [Ethereal-dev] TimeReference frames and wish list change requests
Next by Date: [Ethereal-dev] interface options patch IV
Previous by thread: [Ethereal-dev] Display filter problem
Next by thread: Re: Re: [Ethereal-dev] Has anyone seen a recent version of Etherpeek ...
Index(es):
- Date
- Thread