This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

We have set up a Wireshark monitoring server in our lab. We have used a capture filter to filter traffic from specific ports. However, there is a lot of SCTP heartbeat exchange between the nodes, and this is causing overload on the server and the Wireshark application is slowing down.

Is it possible to use a capture filter at the SCTP level to filter out SCTP heartbeat chunks? Is this supported yet by the Wireshark application? I tried to search for this online but couldn't find any info on it.

asked 07 Aug '14, 13:24

sudhir_shet

Assuming that your SCTP stack does not send any other chunk types in the same IP packet as the heartbeats and acks, you can do that with a filter including a statement like 'not ip[x:1]=04 and not ip[x:1]=05', where "x" is the byte to start at, counted from the beginning of the IP header of the packet. Basically, you're telling the capture filter to go "x" bytes into the packet and check to see if the next one byte (the chunk type byte in the SCTP header) is equal to 4 or 5 (heartbeat or acks).

I don't have a working example on hand at the moment, but I've worked out a filter like that in the past with some success. I did run up against one (uncommon?) stack that was including other chunk types in heartbeats though, so by filtering them you risk filtering data chunks also.

answered 07 Aug '14, 14:54

Quadratic

edited 07 Aug '14, 14:55
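
A worked version of the offset check described in the answer above, added here as an illustration and not part of the original post. It assumes IPv4 and the 12-byte SCTP common header, derives "x" from the IP header length instead of hard-coding it, and shows the bundling caveat on constructed packets; the function names, port 2905 and the addresses are made up for the example.

```python
import struct

HEARTBEAT, HEARTBEAT_ACK = 4, 5   # SCTP chunk type values
SCTP_COMMON_HDR = 12              # ports, verification tag, checksum

# The answer's filter with "x" computed from the IPv4 header length (IHL)
# instead of hard-coded, so IP options do not shift the byte being tested.
X = "((ip[0] & 0xf) << 2) + 12"
CAPTURE_FILTER = f"not (ip proto 132 and (ip[{X}] = 4 or ip[{X}] = 5))"

def first_chunk_offset(pkt: bytes) -> int:
    """The answer's "x": offset of the first chunk type from the IP header start."""
    return (pkt[0] & 0x0F) * 4 + SCTP_COMMON_HDR

def chunk_types(pkt: bytes) -> list:
    """Walk all chunks bundled in one IPv4/SCTP packet and return their types."""
    if pkt[0] >> 4 != 4 or pkt[9] != 132:
        raise ValueError("not an IPv4/SCTP packet")
    off, types = first_chunk_offset(pkt), []
    end = min(len(pkt), struct.unpack_from("!H", pkt, 2)[0])
    while off + 4 <= end:
        ctype, _flags, length = struct.unpack_from("!BBH", pkt, off)
        if length < 4:                 # malformed chunk, stop walking
            break
        types.append(ctype)
        off += (length + 3) & ~3       # chunks are padded to 4-byte boundaries
    return types

def filter_drops(pkt: bytes) -> bool:
    """What the capture filter decides: it sees only the first chunk type."""
    return pkt[first_chunk_offset(pkt)] in (HEARTBEAT, HEARTBEAT_ACK)

def build(chunks, ip_options=b""):
    """Constructed sample packet (checksums left at zero, addresses made up)."""
    sctp = struct.pack("!HHII", 2905, 2905, 0x1234, 0)
    for ctype, value in chunks:
        body = struct.pack("!BBH", ctype, 0, 4 + len(value)) + value
        sctp += body + b"\x00" * (-len(body) % 4)
    ihl = 5 + len(ip_options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + len(sctp), 0, 0,
                     64, 132, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return ip + ip_options + sctp

HB = struct.pack("!HH", 1, 8) + b"\x00" * 4          # heartbeat info parameter
DATA = struct.pack("!IHHI", 1, 0, 0, 0) + b"hello"   # TSN, stream, seq, PPID, payload

if __name__ == "__main__":
    for name, pkt in [("heartbeat", build([(4, HB)])),
                      ("heartbeat + IP options", build([(4, HB)], b"\x01" * 4)),
                      ("heartbeat bundled with DATA", build([(4, HB), (0, DATA)])),
                      ("DATA only", build([(0, DATA)]))]:
        print(f"{name}: x={first_chunk_offset(pkt)} chunks={chunk_types(pkt)} "
              f"dropped={filter_drops(pkt)}")
```

The third sample is the case the answer warns about: the first chunk is a heartbeat, so the whole packet is dropped along with the DATA chunk bundled behind it. When passing `CAPTURE_FILTER` on a command line, quote it so the shell does not interpret the parentheses, `&` and `<<`.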

question asked: 07 Aug '14, 13:24

question was seen: 5,549 times

last updated: 07 Aug '14, 14:55
