[SIPForum-discussion] Wireshark Display Filter

• Previous message: [SIPForum-discussion] Wireshark Display Filter
• Next message: [SIPForum-discussion] Wireshark Display Filter
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Try these filters

 

udp.port == 2911  

 

ip.dst == 10.179.166.22 and udp.port == 49152

 

ip.src == 10.179.166.22 and udp.port == 49152

 

 

Good Luck

 

Jorge Alcantara

From: discussion-bounces at sipforum.org
[mailto:discussion-bounces at sipforum.org] On Behalf Of Tim Garey
Sent: Tuesday, October 15, 2013 11:28 AM
To: discussion at sipforum.org
Subject: [SIPForum-discussion] Wireshark Display Filter

 

I have a large pcap file with about 7 active calls.  I can see on one
particular call there is a problem and

need  to find out when in the trace the RTP stream ends for this call. I
have identified where it starts

and ports being used, but it seems nearly impossible to find where it ends
as the source/dest addresses

are the same for all calls.

 

Is there a way to create a  Wireshark display filter to show only the RTP
stream with port = 52560 to IP-address1.

This would help greatly in troubleshooting

 

Thanks.

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://sipforum.org/pipermail/discussion/attachments/20131015/46dd3000/attachment-0002.html>

• Previous message: [SIPForum-discussion] Wireshark Display Filter
• Next message: [SIPForum-discussion] Wireshark Display Filter
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]