Hi everybody ! I search to create a capture filtre with the protocol SIP but i don't know like to do. My release Wireshark is 2.2.6 and when i write in the field Capture Filter "SIP", it not work, I can not start. Can you help me ? Thank you very much. Bye. JbOne asked 09 May '17, 05:39  JbOne73 |
One Answer:
Capture filters also known as BPF filters, only work at up to protocols such as TCP and UDP. To filter on protocols running atop those you have to either use port filters if your traffic always uses a fixed number of ports, or fall back to checking specific offsets in packets which is very error prone. The Wiki page on Capture Filters has a discussion on capture filters for SIP using port based filters, and an offset based one for RTP traffic. answered 09 May '17, 05:44  grahamb ♦ |
