I'm running a monitor session on a Cisco 7609, source gi1/1 to destination gi 1/13. My computer is connected to int gi1/13. I want to capture SIP messaging from this interface but can't see it. I get DHCP, UDP, etc packets, but no SIP. What am I doing wrong asked 12 May '17, 06:19  blangham |
One Answer:
Many SIP implementations use UDP/5060 but it is possible the SIP you are trying to capture is using a non-standard port. SIP can also run over TCP (typically only used in enterprises, and even then seldom) or TLS. If it's in TLS you won't be able to decode it unless you can get the keys. Do you have a trace??? answered 12 May '17, 06:31  dbAtAffirmed |
This ended up being a NIC card issue. My PC has a Realtek PCIe Gbe Family controller. My laptop has Broadcom NetLink Gigabit. There must be some settings int the Realtek that need changed to pass this traffic.