This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Does dumpcap capture SIP

0

I have been using dumpcap to capture and i was wondering if it captures SIP and RTP and if i open the trace in wireshark will it be shown as a SIP packer or an RTP packet

asked 13 Jun '16, 09:13

MattG's gravatar image

MattG
6335
accept rate: 0%

edited 13 Jun '16, 09:25

One Answer:

0

Dumpcap captures everything that comes to the NIC and that the NIC's hardware filter or dumpcap's capture filter doesn't filter out, unless the drivers installed by some security software interfere with WinPcap/NPcap operation (this is a concern on Windows). So if

  • you use promiscuous mode (dumpcap's default setting of the NIC) and no capture filter at all,

  • we talk about wired NIC (wireless is a much more colourful story),

  • the SIP and RTP traffic is really present at the NIC,

dumpcap will capture it.

What may be a bit of a trouble is whether Wireshark (or tshark) would recognize the two in the resulting capture automatically, but you should always be able to help it using Decode as....

answered 13 Jun '16, 09:29

sindy's gravatar image

sindy
6.0k4851
accept rate: 24%

Hi thanks for the reply so will the SIP show or will I have to decde it

(13 Jun '16, 09:45) MattG

Try it and find out :-)

(13 Jun '16, 10:13) Anders ♦