Wireshark-users: [Wireshark-users] SIP filter issues
Hello everyone
I have the following question.
I am filtering a wireshark trace with
((sip.Status-Code==487)&&(sip.to.user contains 46710000))
In other words my intended action is
"please display all 487 status lines for subscribers 46710000* "
or something like: "please show the failed calls for subscribers 46710000* "
however some packets are sent via TCP and are thus multiplexed in TCP stream frames
the filter displays a "matching" result which contains 2 packets:
- 1 with 487 response which I am interested in but for subscribers that I'm "not" interested in ... so the packet is useless
- 1 with other response (180 Ringing) which I'm "not" interested in but for subscribers that I am interested in ... so this packet is also useless
According to my opinion this is a bug in wireshark.
My intention is to display frames in which the filter criteria match in the "same" packet
so in theory these packets should be excluded.
If yes how I can report it?
If no,
does anyone happen to know
how I can "filter out" these packets and display only the ones that match both criteria in the same packet?
![]()
Thanks in advance
Manolis
I have the following question.
I am filtering a wireshark trace with
((sip.Status-Code==487)&&(sip.to.user contains 46710000))
In other words my intended action is
"please display all 487 status lines for subscribers 46710000* "
or something like: "please show the failed calls for subscribers 46710000* "
however some packets are sent via TCP and are thus multiplexed in TCP stream frames
the filter displays a "matching" result which contains 2 packets:
- 1 with 487 response which I am interested in but for subscribers that I'm "not" interested in ... so the packet is useless
- 1 with other response (180 Ringing) which I'm "not" interested in but for subscribers that I am interested in ... so this packet is also useless
According to my opinion this is a bug in wireshark.
My intention is to display frames in which the filter criteria match in the "same" packet
so in theory these packets should be excluded.
If yes how I can report it?
If no,
does anyone happen to know
how I can "filter out" these packets and display only the ones that match both criteria in the same packet?
Thanks in advance
Manolis
- Follow-Ups:
- Re: [Wireshark-users] SIP filter issues
- From: Guy Harris
- Re: [Wireshark-users] SIP filter issues
- Prev by Date: [Wireshark-users] How to capture SOAP protocol on UPnP network
- Next by Date: Re: [Wireshark-users] SIP filter issues
- Previous by thread: [Wireshark-users] How to capture SOAP protocol on UPnP network
- Next by thread: Re: [Wireshark-users] SIP filter issues
- Index(es):
- Get Wireshark
- Download
- Code of Conduct