Hi,

We are using Wireshark to analyse some SIP messages. Some of the SIP messages are coming as "Malformed packets" (15 0.429555 2606:ae00:93a0:3cf3:0:25:410f:901 2001:1890:1001:2c00::7:5 IPA 1909 unknown 0x47 [Malformed Packet]).

If I do the following steps I can get the actual message: right-click the msg -> select the option Decode As... -> select the option "Do not decode" -> select the option "both" in the drop-down box "TCP" -> click the OK button.

I would like to know if there is a corresponding tshark command for the above operation.

Regards,
Eldho

asked 18 Apr '13, 03:47 Eldho
One Answer:
In Wireshark, disable the IPA dissector; its heuristics are too loose in that they pick up SIP traffic as well.

answered 18 Apr '13, 04:21 Jaap ♦
Hi Jaap, thanks for the reply. But my objective is to get the command-line option so that we can automate the operation.