This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Older versions of wireshark included H225 RAS messages (admissionRequest, admissionConfirm, admissionReject, disengageRequest, disengageConfirm, and disengageReject) in the set of messages detected for H.323 VoIP calls, and in what used to be called the "graph" of a call and is now called the "Flow" of the call.

It was extremely useful for these messages to be included in the graph of a call because these messages are integral to the way that calls are placed in the H.323 standard when an endpoint is registered with an H.323 Gatekeeper.

The wireshark project just turned on voting in their bugzilla, so I encourage anyone who is interested in seeing this feature restored to wireshark sould go vote for this bug to be fixed: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5848

asked 25 Mar '11, 19:05

ericn1234's gravatar image

ericn1234
46114
accept rate: 0%

edited 08 Jul '11, 13:50

You'll have to state the relevant version numbers first.

(26 Mar '11, 04:15) Jaap ♦

I know the feature existed in version 1.0.8 and I know it is missing in version 1.4.3 and 1.4.4. I just upgraded my machine/OS recently, so those are the only versions I have been able to try.

(26 Mar '11, 20:15) ericn1234
1

I noticed this behavior change as well. It's really weird that ARQ/ACF are not included when I clicked "Telephony" -> "VOIP calls" -> "Flow".

B.T.W. I'm using wireshark on windows. my wireshark version is: Version 1.4.3 (SVN Rev 35482 from /trunk-1.4)

(07 Apr '11, 22:41) shaohong

Yes, I think this feature is useful. Watching it.

(10 Apr '11, 13:31) jiuhua

I don't think it was removed on purpose, raise a bug report preferably with a small trace showing the problem the bug can be marked private to limit the acces to core developers if need be.

(16 Apr '11, 01:26) Anders ♦

Thanks Anders, I have created bug 5848 for this issue. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5848

(18 Apr '11, 20:42) ericn1234

The wireshark project just turned on voting in their bugzilla, so I encourage anyone who is interested in seeing this feature restored to wireshark sould go vote for this bug to be fixed: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5848

(08 Jul '11, 13:50) ericn1234
showing 5 of 7 show 2 more comments

I just found that there is actually 2 ways to get to a flow graph of a call. The second method is a inconvenient work-around for the issue, but it is better than nothing:

1) Select "Telephony->VoIP Calls" then select the call and hit the flow button. This is the method that the bug is about and is missing the RAS packets.

2) Apply a filter to packets so that only the packets related to the desired call are displayed. Then select "Statistics->Flow Graph". Then Select "Displayed Packets" and then OK. This method will include the RAS packets in what is diplayed, but is much less convenient if the capture file has lots of calls from endpoints you are interested in. The filter expressions can be very unwieldy to filter out all packets except those for a particular call.

permanent link

answered 08 Jul '11, 16:00

ericn1234's gravatar image

ericn1234
46114
accept rate: 0%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×139
×35
×10
×6
×1

question asked: 25 Mar '11, 19:05

question was seen: 5,663 times

last updated: 08 Jul '11, 16:00

p​o​w​e​r​e​d by O​S​Q​A