This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Save only filtered SIP\RTP results in a file

0

We are testing a new SIP connection that uses MPLS on our production servers. The calls come in using SIP via our Telco, then if the caller asks to be connected to an agent we do a bridged transfer (via our MPLS connection) to the agent.

We need to set up wireshark tracing and save them to files. Unfortunately we get so many calls that this uses up drive space incredibly quickly and we will not be able to run long enough to capture what we need before we run out of space.

Is there a way to apply multiple filters, ie: SIP and RTP only, and put ONLY those packets into the automatically created files?

If we could find a way to do that then we might be able to filter down to just what we need (maybe) and have the space to save those files.

The key is to apply the filter BEFORE any data gets saved.

asked 05 Feb '15, 08:01

Sandy%20Murdock's gravatar image

Sandy Murdock
1222
accept rate: 0%

edited 05 Feb '15, 08:48

grahamb's gravatar image

grahamb ♦
19.8k330206


One Answer:

0

Been asked a few times before, e.g. here

There's a discussion of a SIP\RTP capture filter here

answered 05 Feb '15, 08:30

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%