Hello, I only need to capture SIP packets. Would you please tell me how to configure Wireshark to accomplish this? It's better to use pictures to describe to me. Thanks.

This question is marked "community wiki".

asked 09 Jun '11, 04:40 Jacky Yeh
edited 09 Jun '11, 15:37 cmaynard ♦♦

2 Answers:

Refer to the SIP wiki page.

answered 09 Jun '11, 15:38 cmaynard ♦♦

Dear Cmaynard, I mean, how can I capture only SIP packets with Wireshark? I have tried to configure the capture filter in the capture options but it's unavailable.
(09 Jun '11, 22:16) Jacky Yeh

I don't understand what you mean by, "it's unavailable." Maybe you're having trouble with capture filter syntax? Capture filter syntax is not the same as display filter syntax. Have a look at the Capture Filters wiki page; maybe that will help you.
(10 Jun '11, 13:03) cmaynard ♦♦

The SIP wiki link posted by @cmaynard states:
(10 Jun '11, 16:52) helloworld

Usually SIP is on UDP port 5060 (though sometimes TCP port 5060 is also used). So just use "port 5060" in your capture filter, and then use "sip" in the display filter to filter out any non-SIP traffic that might be on that port.

answered 12 Jun '11, 05:16 martyvis

Ok, I got it. Thanks so much.
(12 Jun '11, 19:21) Jacky Yeh

I have tried the sip, udp, ip, port and ethernet filters as shown below. Only ethernet can capture SIP packets, but this is not my wish. My wish is to use a sip filter to capture all pure SIP packets.
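
The two-stage approach from the second answer (capture filter "port 5060", then display filter "sip"), modelled as an added example that is not part of the original thread and is not Wireshark code. The function names, the packet dictionaries and the alternate port 5080 are constructed for illustration, and the start-line check is a simplified stand-in for the SIP dissector. It goes one step beyond the answer by also listing SIP traffic on another port, which a port-based capture filter never records.

```python
import re

# SIP start lines per RFC 3261: "METHOD uri SIP/2.0" or "SIP/2.0 code reason".
SIP_REQUEST = re.compile(rb"^[A-Z]+ \S+ SIP/2\.0\r\n")
SIP_RESPONSE = re.compile(rb"^SIP/2\.0 \d{3} [^\r\n]*\r\n")

def capture_filter_port_5060(pkt):
    """Stage 1, like the capture filter "port 5060": ports only, TCP or UDP."""
    return 5060 in (pkt["sport"], pkt["dport"])

def looks_like_sip(payload):
    """Stage 2, a simplified stand-in for the "sip" display filter."""
    return bool(SIP_REQUEST.match(payload) or SIP_RESPONSE.match(payload))

def two_stage(packets):
    captured = [p for p in packets if capture_filter_port_5060(p)]
    displayed = [p for p in captured if looks_like_sip(p["payload"])]
    # SIP that never reached stage 2 because it used a different port.
    missed = [p for p in packets
              if not capture_filter_port_5060(p) and looks_like_sip(p["payload"])]
    return captured, displayed, missed

# Constructed sample packets (not taken from a real capture).
PACKETS = [
    {"id": 1, "proto": "udp", "sport": 5060, "dport": 5060,
     "payload": b"INVITE sip:bob@example.com SIP/2.0\r\nVia: SIP/2.0/UDP a.example.com\r\n\r\n"},
    {"id": 2, "proto": "udp", "sport": 5060, "dport": 5060,
     "payload": b"SIP/2.0 180 Ringing\r\n\r\n"},
    {"id": 3, "proto": "udp", "sport": 40000, "dport": 5060,
     "payload": b"\x00\x01probe-not-sip"},          # non-SIP data on port 5060
    {"id": 4, "proto": "tcp", "sport": 51000, "dport": 5060,
     "payload": b"REGISTER sip:example.com SIP/2.0\r\n\r\n"},
    {"id": 5, "proto": "udp", "sport": 5080, "dport": 5080,
     "payload": b"OPTIONS sip:example.com SIP/2.0\r\n\r\n"},  # SIP on another port
    {"id": 6, "proto": "udp", "sport": 53, "dport": 33000, "payload": b"\x12\x34dns"},
]

if __name__ == "__main__":
    captured, displayed, missed = two_stage(PACKETS)
    print("captured by 'port 5060':", [p["id"] for p in captured])
    print("shown by 'sip'         :", [p["id"] for p in displayed])
    print("SIP never captured     :", [p["id"] for p in missed])
```
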