[SIPForum-discussion] Wireshark Display Filter
Tim Garey
tim.garey at myfairpoint.net
Sat Oct 19 13:04:47 UTC 2013
Hello all,
Thanks very much for your responses, all were correct and helpful. The
problem I had
was due to using an older version of Wireshark. With the older version
(forgot which one now)
udp.port == 56456 || udp.port == 4310 would not show RTP packets. When I
upgraded to latest
Wireshark the same filter worked as expected.
Tim
_____
From: Dave McBride [mailto:davemcbride123 at gmail.com]
Sent: Wednesday, October 16, 2013 3:05 AM
To: Tim Garey
Cc: discussion at sipforum.org
Subject: Re: [SIPForum-discussion] Wireshark Display Filter
Hi Tim
How does this look when applied?
ip.dst == 1 and udp.port == 52560
Thanks
Dave
On 15 October 2013 16:28, Tim Garey <tim.garey at myfairpoint.net> wrote:
I have a large pcap file with about 7 active calls. I can see on one
particular call there is a problem and
need to find out when in the trace the RTP stream ends for this call. I
have identified where it starts
and ports being used, but it seems nearly impossible to find where it ends
as the source/dest addresses
are the same for all calls.
Is there a way to create a Wireshark display filter to show only the RTP
stream with port = 52560 to IP-address1.
This would help greatly in troubleshooting
Thanks.
_______________________________________________
This is the SIP Forum discussion mailing list
TO UNSUBSCRIBE, or edit your delivery options, please visit
http://sipforum.org/mailman/listinfo/discussion
Post to the list at discussion at sipforum.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://sipforum.org/pipermail/discussion/attachments/20131019/6012863b/attachment-0002.html>
More information about the discussion
mailing list