This is our old Q&A Site. Please post any new questions and answers at

I'm using an older version of Wireshark, which perfectly decodes SIP TLS traffic with port 5061 as TLS. With newer versions (e.g. 2.4.2) the same packets are simply decoded as TCP. I've checked the settings for the protocols. SIP-TLS port 5061 is set per default in the SIP protocol setting in the old and in the current version. I've tried a workaround and added port 5061 to SSL/TLS ports of HTTP. This partly helps to decode SIP-TLS as TLS at least in one direction. However, this looks like a Wireshark bug, or did I just miss a setting that resloves my problem? Any ideas?

asked 24 Oct '17, 05:12

rolstein's gravatar image

accept rate: 0%


(24 Oct '17, 05:25) rolstein

(24 Oct '17, 05:27) rolstein

That looks like a bug in proto_reg_handoff_sip() failing to properly call ssl_dissector_[add|delete]().

permanent link

answered 24 Oct '17, 11:05

Jaap's gravatar image

Jaap ♦
accept rate: 14%

Yes, that code was just wrong. I fixed it in this change, so the current tip of the master branch, and the next 2.4.x release, should have that particular problem fixed.

(24 Oct '17, 12:10) Guy Harris ♦♦

OK, thanks. Then I'll be waiting for the next version

(24 Oct '17, 22:00) rolstein
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 24 Oct '17, 05:12

question was seen: 1,155 times

last updated: 24 Oct '17, 22:00

p​o​w​e​r​e​d by O​S​Q​A