Tried multiple Wireshark versions. Read Help files, wiki and forums but no one seems to have my issue. Now using Wireshark 1.10, I can capture packets using my laptop gig port. I can filter SIP traffic and notice it's using port 5060, and IP phones are using IP addresses in the 10.x.x.x range. But if I select that same network card and attempt to add a packet filter (ex: net 10.x.x.x/24, or port 5060, host 10.x.x.x), no packets are captured. The only filter that actually works is "ip". What am I doing wrong? One thing I should mention is that the SIP session is mirrored to my IP address, not a mirrored port.

asked 23 Jul '13, 08:17 simseb451
2 Answers:
Are there 802.1q vlan tags in the packets? If so, you will need to use the
See also:
If that's not the answer, then maybe you could post a small capture file to cloudshark and share the link to it here.

answered 23 Jul '13, 09:50 cmaynard ♦♦
Since the filter
All the capture filters you mentioned will filter only on the first IP headers, while you want to filter on the second IP headers or udp port. You will need to build a filter that dynamically skips the first IP/TCP layers. But that filter will depend on the actual layers that are in your trace. Could you share a couple of packets on www.cloudshark.org and paste the link here? Be careful not to upload any sensitive data. That way we can help you build a filter...

answered 23 Jul '13, 14:36 SYN-bit ♦♦
How did you do that?
What was the capture filter you used?
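Both answers above come down to the same mechanism: a capture filter such as "port 5060" is compiled to reads at fixed byte offsets, so any extra header in front of the IP header you care about makes it miss. The following is an added example, not code from the thread or from Wireshark; it models that behaviour for the 802.1Q case only, and the frames, addresses and function names are constructed for illustration.

```python
import struct

ETH_IPV4, ETH_VLAN, UDP = 0x0800, 0x8100, 17

def udp_frame(sport, dport, vlan_id=None):
    """Build a constructed Ethernet/IPv4/UDP frame, optionally 802.1Q-tagged."""
    eth = bytes(12)  # dst + src MAC, all zeros (constructed)
    if vlan_id is not None:
        eth += struct.pack("!HH", ETH_VLAN, vlan_id)  # 4-byte VLAN tag
    eth += struct.pack("!H", ETH_IPV4)
    payload = b"OPTIONS sip:example.invalid SIP/2.0\r\n"
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, UDP, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + udp

def match_udp_port(frame, port, l3_off=14):
    """Fixed-offset test: assumes the IPv4 header starts at l3_off."""
    if len(frame) < l3_off + 20:
        return False
    if struct.unpack_from("!H", frame, l3_off - 2)[0] != ETH_IPV4:
        return False  # on a tagged frame this field holds 0x8100
    if frame[l3_off + 9] != UDP or struct.unpack_from("!H", frame, l3_off + 6)[0] & 0x1FFF:
        return False  # not UDP, or a non-first fragment without a UDP header
    l4 = l3_off + (frame[l3_off] & 0x0F) * 4
    if len(frame) < l4 + 4:
        return False
    return port in struct.unpack_from("!HH", frame, l4)

def match_skipping_vlan(frame, port):
    """Same test after stepping over any 802.1Q tags in front of the IP header."""
    off = 12
    while len(frame) >= off + 2 and struct.unpack_from("!H", frame, off)[0] == ETH_VLAN:
        off += 4
    return match_udp_port(frame, port, l3_off=off + 2)

if __name__ == "__main__":
    for name, f in (("plain", udp_frame(5060, 5060)), ("tagged", udp_frame(5060, 5060, 100))):
        print(name, match_udp_port(f, 5060), match_skipping_vlan(f, 5060))
```

Traffic carried inside a second IP header needs the same kind of offset adjustment, sized to whatever encapsulation is actually in the trace.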