[SIPForum-discussion] Wireshark Display Filter

• Previous message: [SIPForum-discussion] Wireshark Display Filter
• Next message: [SIPForum-discussion] Fwd: Phantom Calls on ATA
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

use ssrc for filter. 
ssrc creation logic is derived from random number generation suggested by rfc.
so it should be different in all calls.

----- Original Message -----
From: Tim Garey <tim.garey at myfairpoint.net>
To: discussion at sipforum.org
Sent: Tue, 15 Oct 2013 20:58:20 +0530 (IST)
Subject: [SIPForum-discussion] Wireshark Display Filter

I have a large pcap file with about 7 active calls. I can see on one
particular call there is a problem and

need to find out when in the trace the RTP stream ends for this call. I
have identified where it starts

and ports being used, but it seems nearly impossible to find where it ends
as the source/dest addresses

are the same for all calls.

 

Is there a way to create a Wireshark display filter to show only the RTP
stream with port = 52560 to IP-address1.

This would help greatly in troubleshooting

 

Thanks.

 

• Previous message: [SIPForum-discussion] Wireshark Display Filter
• Next message: [SIPForum-discussion] Fwd: Phantom Calls on ATA
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]