Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] Wireshark 1.2.1 doesn't capture SIP on Intel(R)PRO/1000 GT

From: "Gianluca Varenni" <gianluca.varenni@xxxxxxxxxxxx>
Date: Fri, 24 Jul 2009 12:07:47 -0700
Your client and SIP server are on the same machine, right? If so, the packets are managed directly by the TCP/IP stack i.e. they do not go to the network interface, so WinPcap (hence Wireshark) will not capture them.
 
You need to run client and server on separate machines (or eventually with virtual machines).
 
Have a nice day
GV
----- Original Message -----
From: Ido Feins
Sent: Friday, July 24, 2009 11:32 AM
Subject: [Wireshark-users] Wireshark 1.2.1 doesn't capture SIP on Intel(R)PRO/1000 GT Desktop Adapter

Hi, for some reason Wireshark doesn't capture SIP messages even when I'm leaving the filter empty.
It is also configured to capture packets in promiscuous mode.

I am using SIPp (version 3.1.1) to generate the SIP messages.
SIPp is a program that can generates SIP messages and check that they are being received.

I'm running SIPp in two separate shells, one that runs a default client scenario (uac) that generates INVITE messages,
and in another shell a default server scenario (uas) that receives the INVITE and confirms them with 200 OK responses.

Here is the screenshoot of the client:
http://img231.imageshack.us/i/sippuac.jpg/

Here is the screenshoot of the server:
http://img207.imageshack.us/i/sippuas.jpg/

As you can see, the client sends INVITE messages and receives 200 OK responses from the server,
and the server receives INVITE messages and sends 200 OK to the client.
So the problem is not with the sending/receiving of the messages but with wireshark.

Do you know what could be the problem and how to fix it?
Thanks


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe