This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

SIP flow sequence wrongly sorted

0

Hello,

i have two SIP Flows. When i open the flow sequence, the Sequence is sorted by call ID, but should be sorted according to the time. It has worked before, and i don't know what has changed.

Thanks for your Help,

Regards,

Volker

NOT-OK Wrong sorting OK All OK

asked 02 May '17, 01:32

volker's gravatar image

volker
6112
accept rate: 0%

It has worked before, and i don't know what has changed.

Please elaborate. Which version of Wireshark does or does not work? What OS? Are you testing with the same capture data on both versions of Wireshark?

If you provide a capture file instead of screenshots, someone might be able to better help you. Post to any file sharing site, such as cloudshark, dropbox, pastebin, ...

(02 May '17, 07:27) cmaynard ♦♦

One Answer:

2

Can you confirm that the frame numbers of these packets increment chronologically?

I ask this question because the flow chart does not sort the arrows by time, but rather by packet number. If you took two SIP Call ID's and merged them into one trace file by "appending" or "prepending" rather than sorting chronologically, then you will end up with the "Not OK" result that you showed in your screenshot.

I just tested this on 2.2.0 and confirmed this is the case.

answered 04 May '17, 16:23

Quadratic's gravatar image

Quadratic
1.9k6928
accept rate: 13%

Hi Quadratic,

you are right this is the Problem. Thanks a lot.

Regards, Volker

(05 May '17, 10:56) volker

Hi Quadratic,

thanks again. Please add your comment as the Answer than we close this. I have use the tool "reordercap" under linux and i have what i need.

Regards, Volker

(05 May '17, 12:21) volker

Great - It's an "answer" now. :)

(05 May '17, 15:48) Quadratic