This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

SIP capture filter

0

Hi, I'm trying to apply a filter to capture only SIP traffic and running into an odd situation. When I leave wireshark with no capture filter, I see the packets I want to capture from host X to host Y on UDP port 5060.

So I applied these filters on the capture options screen one by one: -port 5060 -udp port 5060 -host X

All of them returned nothing. Is there something I'm missing here?

asked 29 Sep '11, 09:26

CulverTech's gravatar image

CulverTech
1112
accept rate: 0%

One Answer:
active answersoldest answersnewest answerspopular answers
1

My bet would be that the SIP traffic is vlan tagged (you can check this by looking closer to the unfiltered SIP traffic). If this is true, prepend your capture filters with "vlan and ..." so the filters will become:

vlan and port 5060
vlan and udp port 5060
vlan and host X

Hope this helps.

permanent link

answered 29 Sep '11, 09:46

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

Aha! yes, they're tagged, didn't realize I had to add that to the filter. Thanks so much

(29 Sep '11, 10:02) CulverTech
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Question tags:

×549
×109
×40

question asked: 29 Sep '11, 09:26

question was seen: 6,201 times

last updated: 29 Sep '11, 10:02

Related questions

How can I only capture SIP packets?

Capture filter bug? - SIP "udp port 5060" is not working with IP-IP-Encapsulation RFC2003

Capture filter to filter SCTP heartbeak chunks

Query about combining capture filter

unable to capture sip packets

Filter Incoming Connection Attempts

Capture all data to and from an IP source

How to see traffic from specific internet line?

How to decrypt WPA2-PSK captured traffic on Wireshark? What is the expected traffic to be captured in WPA2-PSK setup?

Java API to dissect Wireless Packets captured by Wireshark ( .libcap)

about | faq | privacy | support | contact

p​o​w​e​r​e​d by O​S​Q​A