This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi, we are using Wireshark to analyse some SIP messages. Some of the SIP messages are coming as "Malformed packets" (15 0.429555 2606:ae00:93a0:3cf3:0:25:410f:901 2001:1890:1001:2c00::7:5 IPA 1909 unknown 0x47 [Malformed Packet]). If I do the following steps, I can get the actual message. Right-click the msg -> select the option Decode As... -> select the option "Do not decode" -> select the option "both" in the drop-down box "TCP" -> click the OK button.

I would like to know if there is a corresponding tshark command for the above operation.

Regards, Eldho

asked 18 Apr '13, 03:47


Eldho


In Wireshark, disable the IPA dissector; its heuristics are too loose in that they pick up SIP traffic as well.


answered 18 Apr '13, 04:21


Jaap ♦

Hi Jaap, thanks for the reply. But my objective is to get the command-line option so that we can automate the operation.

(18 Apr '13, 05:19) Eldho
question asked: 18 Apr '13, 03:47

question was seen: 2,126 times

last updated: 18 Apr '13, 05:38
