In Wireshark, Telephony --> VOIP Calls will show only calls. We are running performance tests with 100 calls per second. The file size is huge and contains register, subscriber and other messages. Is there any capture filter to get only VOIP calls? The capture filter sip takes everything.

Another issue: in Linux I'm using the filter below to avoid capturing traffic from the network ranges below, but it is still getting captured. Can anyone please suggest something for this?

tshark -i any -f "not net 2001:1234:5678:9abc:2729::/80 or not net 2001:1234:5678:9abc:2730::/80" -R "sip" -w test.pcap

Thanks,
Santhosh

asked 05 Dec '13, 05:19 Santhosh Mohan
One Answer:
For capturing only call-related messages, you could use a filter like "sip.Method != REGISTER && sip.Method != OPTIONS && sip.Method != SUBSCRIBE && sip.Method != NOTIFY && sip.Method != PUBLISH". Or the opposite: "sip.Method == INVITE || sip.Method == ACK || sip.Method == PRACK || sip.Method == BYE || sip.Method == INFO". I haven't tried that with tshark's read filter (the -R option), so YMMV.

For the second problem of IPv6 subnets not being excluded, I think you want the word "and" instead of "or" in that line. :)

answered 31 Jan '14, 21:43 Hadriel
Thanks for the help, Hadriel. For the IPv6 issue, I don't think "and" will make a change. Still, I will try your suggestion :)
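
Added example (not part of the original thread): a small Python model of the two capture-filter expressions from the question and the answer, evaluated over constructed source/destination pairs to show which packets each form lets through. It assumes the libpcap semantics that "net X" matches when either the source or the destination address is inside X; the function names and sample addresses are made up for the illustration.

```python
import ipaddress

# Subnets taken from the capture filter in the question.
NET_A = ipaddress.ip_network("2001:1234:5678:9abc:2729::/80")
NET_B = ipaddress.ip_network("2001:1234:5678:9abc:2730::/80")


def net(pkt, network):
    """Model of BPF 'net X': true if the source OR destination is in X."""
    src, dst = (ipaddress.ip_address(a) for a in pkt)
    return src in network or dst in network


def filter_or(pkt):
    """not net A or not net B (the form used in the question)."""
    return (not net(pkt, NET_A)) or (not net(pkt, NET_B))


def filter_and(pkt):
    """not net A and not net B (the form suggested in the answer)."""
    return (not net(pkt, NET_A)) and (not net(pkt, NET_B))


# Constructed (src, dst) pairs; 2001:db8::/32 is the documentation prefix.
PACKETS = {
    "outside->outside": ("2001:db8::10", "2001:db8::20"),
    "netA->outside": ("2001:1234:5678:9abc:2729::5", "2001:db8::20"),
    "outside->netB": ("2001:db8::10", "2001:1234:5678:9abc:2730::7"),
    "netA->netB": ("2001:1234:5678:9abc:2729::5",
                   "2001:1234:5678:9abc:2730::7"),
}


def captured(filter_fn):
    """Labels of the sample packets that the given filter lets through."""
    return [label for label, pkt in PACKETS.items() if filter_fn(pkt)]


if __name__ == "__main__":
    print("or :", captured(filter_or))
    print("and:", captured(filter_and))
```

With "or", a packet is dropped only when it touches both subnets at once, so traffic between either subnet and any other host is still captured; with "and", a packet touching either subnet is dropped.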