This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

“INVITE sip”: Field Name?

0

I have a VOIP gateway running in "Debug" mode - so that it throws copies of all it's packets to my workstation - and WireShark is showing said packets.

The packets I am interested in start with "INVITE sip:" (phone number dialed).

Looks like the stuff in the "Info" column is a concatonation of many fields.

To the end of filtering for the "INVITE: sip" packets, does anybody know the field name for those particular invitations?

"aim_invitation" does not seem tb the one.... or is it and I'm missing something?

asked 21 Feb '11, 07:13

PeteCress's gravatar image

PeteCress
16568
accept rate: 0%

One Answer:

0

Display filter:
sip.Method == "INVITE"

See: Display Filter Reference: Session Initiation Protocol

answered 21 Feb '11, 07:33

joke's gravatar image

joke
1.3k4934
accept rate: 9%

Can anybody suggest what I am doing wrong?

http://tinyurl.com/4v8usr4

FWIW, just plain "INVITE" gives the same result.

(21 Feb '11, 11:33) PeteCress

I think I got a valid expression now. Used the expression builder instead of typing it in.

Sorry for the excess verbage...

(21 Feb '11, 11:49) PeteCress

Just in case some other noob is climbing this little learning curve, the Real Deal is syslog.msg contains "INVITE sip:"

Reason: Since we are reading packets sent by a VOIP gateway in "Debug" mode, the packets we see are actually Protocol=Syslog instead of Protocol=SIP...

(21 Feb '11, 11:59) PeteCress