
Wireshark-bugs: [Wireshark-bugs] [Bug 5172] Wireshark 1.4.0 & VoIP calls "Prepare Filter" proble

Date: Thu, 2 Sep 2010 14:04:28 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5172

--- Comment #3 from Jaap Keuter <jaap.keuter@xxxxxxxxx> 2010-09-02 23:04:26 CEST ---
Selecting the first call and asking for the filter gives me:
(((h225.guid == 00b02397-3be6-0410-2506-273445124321 || q931.call_ref == 10:ab
|| q931.call_ref == ff:ff) || (ip.addr == 2.0.0.0 && tcp.port == 1029 &&
h245)))

while selecting the second call gives me as filter:
(frame.number == 711 or frame.number == 718 or frame.number == 719 or
frame.number == 721 or frame.number == 722 or frame.number == 723 or
frame.number == 725 or frame.number == 726 or frame.number == 727 or
frame.number == 728 or frame.number == 729 or frame.number == 730 or
frame.number == 732 or frame.number == 733 or frame.number == 740 or
frame.number == 743 or frame.number == 750 or frame.number == 752 or
frame.number == 790 or frame.number == 839 or frame.number == 861 or
frame.number == 927 or frame.number == 1107 or frame.number == 1168 or
frame.number == 750 or frame.number == 1171 or frame.number == 1187 or
frame.number == 1959 or frame.number == 3250 or frame.number == 3255 or
frame.number == 3334 or frame.number == 3343 or frame.number == 5619 or
frame.number == 5627 or frame.number == 5988 or frame.number == 5995 or
frame.number == 8106 or frame.number == 8113 or frame.number == 9970 or
frame.number == 9980 or frame.number == 14495 or frame.number == 14501 or
frame.number == 21179 or frame.number == 21182 or frame.number == 21587 or
frame.number == 21595 or frame.number == 25413 or frame.number == 25418 or
frame.number == 34149 or frame.number == 34151 or frame.number == 34152)

which show the H245, H225 and every first RTP packet after a codec change. 

So these two calls are sufficiently different to force the first one to fall
back to the constructed version. The only odd thing in there is the h245
ip.addr. When set to 10.7.53.201 it shows more interesting stuff. 
Now all we have to do is to find out where the IP address comes from.
