Wireshark-users: Re: [Wireshark-users] One IP-Port pair missing in the pcap file
From: "Robert D. Scott" <[email protected]>
Date: Wed, 24 Mar 2010 12:06:15 -0400
It looks like your session initiation is encrypted (Begin Frame 406).
Immediately after DNS query voipb.sip.yahoo.com (Frames 397 - 398) with
answers in (Frames 403 -405). You will not be able to decrypt any of the
setup exchange. :(

Robert D. Scott                 [email protected]
Senior Network Engineer         352-273-0113 Phone
CNS - Network Services          352-392-2061 CNS Phone Tree
University of Florida           352-392-9440 FAX
Florida Lambda Rail             352-294-3571 FLR NOC
Gainesville, FL  32611          321-663-0421 Cell

-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of vishal borkar
Sent: Wednesday, March 24, 2010 1:28 AM
To: [email protected]
Subject: [Wireshark-users] One IP-Port pair missing in the pcap file

Hello all,
I recently captured a yahoo voice communication between my machine and a
What i observed was that when i opened the file in a text editor i could not
find the port and the IP of my system on which the actual communication took
FYI my ip ( on which the UDP data travelled ):- Port(on which
the UDP data travelled ):- 22308

Though i can clearly see the communication happening on this IP-port pair
when i opened the file in Wireshark.
Can anyone tell me as to why this is happening ?
What i mean is aren't the SIP packets supposed to carry this information ? 
Since they are not carrying this information then how is the communication
taking place ?
I am attaching the file for your reference.

Thanks in advance,