Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] how recognise a udp packet data part is sip packet?

Date: Tue, 2 Jun 2009 17:44:45 +0800
 
hi,
 
as the define in packet-sip.c
#define TCP_PORT_SIP 5060
#define UDP_PORT_SIP 5060
#define TLS_PORT_SIP 5061
 
I know when a tcp/udp/tls packet's port is 5060/5061, the protocol analyzer will dissect it into sip protocol.
 
however, as the first packet in the accessory, its src port is 6304 and dst port is 6090, and this packet is also dissected into sip protocol.how wireshark know this packet is a sip packet?
 
can you tell me how and why? thanks a lot!

Best Regards,
 
Ade Zhang

Attachment: sip_port.pcap
Description: sip_port.pcap