This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I have been using dumpcap to capture, and I was wondering if it captures SIP and RTP, and if I open the trace in Wireshark, will it be shown as a SIP packet or an RTP packet?

asked 13 Jun '16, 09:13

MattG
accept rate: 0%

edited 13 Jun '16, 09:25


Dumpcap captures everything that comes to the NIC and that the NIC's hardware filter or dumpcap's capture filter doesn't filter out, unless the drivers installed by some security software interfere with WinPcap/NPcap operation (this is a concern on Windows). So if

  • you use promiscuous mode (dumpcap's default setting of the NIC) and no capture filter at all,

  • we are talking about a wired NIC (wireless is a much more colourful story),

  • the SIP and RTP traffic is really present at the NIC,

dumpcap will capture it.

What may be a bit of trouble is whether Wireshark (or tshark) would recognize the two in the resulting capture automatically, but you should always be able to help it using Decode As...

answered 13 Jun '16, 09:29

sindy
accept rate: 24%

Hi, thanks for the reply. So will the SIP show, or will I have to decode it?

(13 Jun '16, 09:45) MattG

Try it and find out :-)

(13 Jun '16, 10:13) Anders ♦
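
An added illustration (not part of the original thread, and not Wireshark's dissector code) of why the capture is protocol-agnostic while recognition can need help: SIP is text with a recognisable start line, whereas RTP is only a 12-byte binary header on a negotiated port, so an analyser that did not see the call setup can only guess. All payloads and function names below are constructed for the example.

```python
import struct

SIP_METHODS = (b"INVITE", b"ACK", b"BYE", b"CANCEL", b"OPTIONS", b"REGISTER")

def looks_like_sip(payload: bytes) -> bool:
    """SIP start line: 'METHOD uri SIP/2.0' (request) or 'SIP/2.0 code reason' (response)."""
    first_line = payload.split(b"\r\n", 1)[0]
    if first_line.startswith(b"SIP/2.0 "):
        return True
    parts = first_line.split(b" ")
    return len(parts) == 3 and parts[0] in SIP_METHODS and parts[2] == b"SIP/2.0"

def parse_rtp(payload: bytes):
    """Return RTP fixed-header fields (RFC 3550) if the bytes are plausible RTP, else None."""
    if len(payload) < 12:
        return None
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", payload[:12])
    if b0 >> 6 != 2:                          # version field must be 2
        return None
    if len(payload) < 12 + 4 * (b0 & 0x0F):   # room for the declared CSRC list
        return None
    pt = b1 & 0x7F
    if 72 <= pt <= 76:                        # these values are RTCP packet types 200-204
        return None
    return {"payload_type": pt, "marker": bool(b1 >> 7),
            "seq": seq, "timestamp": ts, "ssrc": ssrc}

def classify(payload: bytes) -> str:
    if looks_like_sip(payload):
        return "SIP"
    if parse_rtp(payload) is not None:
        return "RTP (heuristic guess)"
    return "unknown UDP"

# Constructed sample UDP payloads; dumpcap would write every one of them to the file.
SAMPLES = {
    "sip_invite": b"INVITE sip:bob@example.invalid SIP/2.0\r\n"
                  b"Via: SIP/2.0/UDP 192.0.2.10:5060\r\n\r\n",
    "rtp_pcmu": struct.pack("!BBHII", 0x80, 0, 1, 160, 0x1234ABCD) + b"\xff" * 160,
    "dns_query": b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
                 b"\x07example\x03com\x00\x00\x01\x00\x01",
    # Not RTP at all, but the first byte happens to look like version 2:
    "lookalike": bytes([0x80, 0x05]) + b"\x00" * 10,
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:12s} -> {classify(data)}")
```

The `lookalike` sample is reported as RTP even though it is not, which is why a byte-pattern guess is weaker than seeing the SIP/SDP setup or telling the analyser explicitly with Decode As.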
question asked: 13 Jun '16, 09:13

question was seen: 1,171 times

last updated: 13 Jun '16, 10:13
