This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Develop a SIP&RTP display filter

0

Hi,

I'm trying to find out the way to make a display filter that includes two different, but related, protocols. I mean, SIP messages contains information about RTP ports. What I am doing now is:

  1. Filter a SIP flow
  2. Analyse which ports RTP is using
  3. Add this information to the display filter
  4. Filter again.

I'd like to develop a filter to do it automatically but I've seen nothing similar. Should I develop a chained-dissector, a post-dissector or should I develop inside display filter?

I've taken a look at this: http://wiki.wireshark.org/Lua/Examples#Dump_VoIP_calls_into_separate_files

Thanks

asked 21 Nov '12, 04:27

Robin's gravatar image

Robin
6225
accept rate: 0%

One Answer:

1

MATE is your friend here.

answered 22 Nov '12, 04:09

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

I've just read the description, it seems to fit perfect. Thank you so much!

(22 Nov '12, 04:56) Robin