This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

SIP TLS is only shown as TCP

0

I'm using an older version of Wireshark, which perfectly decodes SIP TLS traffic with port 5061 as TLS. With newer versions (e.g. 2.4.2) the same packets are simply decoded as TCP. I've checked the settings for the protocols. SIP-TLS port 5061 is set per default in the SIP protocol setting in the old and in the current version. I've tried a workaround and added port 5061 to SSL/TLS ports of HTTP. This partly helps to decode SIP-TLS as TLS at least in one direction. However, this looks like a Wireshark bug, or did I just miss a setting that resloves my problem? Any ideas?

asked 24 Oct '17, 05:12

rolstein's gravatar image

rolstein
6334
accept rate: 0%

Screenshots

(24 Oct '17, 05:25) rolstein

(24 Oct '17, 05:27) rolstein

One Answer:

0

That looks like a bug in proto_reg_handoff_sip() failing to properly call ssl_dissector_[add|delete]().

answered 24 Oct '17, 11:05

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

Yes, that code was just wrong. I fixed it in this change, so the current tip of the master branch, and the next 2.4.x release, should have that particular problem fixed.

(24 Oct '17, 12:10) Guy Harris ♦♦

OK, thanks. Then I'll be waiting for the next version

(24 Oct '17, 22:00) rolstein