Wireshark mailing list archives
SIP filter issues
From: Manolis Katsidoniotis <manoska () gmail com>
Date: Mon, 16 Jan 2012 18:53:45 +0200
Hello everyone I have the following question. I am filtering a wireshark trace with ((sip.Status-Code==487)&&(sip.to.user contains 46710000)) In other words my intended action is "please display all 487 status lines for subscribers 46710000* " or something like: "please show the failed calls for subscribers 46710000* " however some packets are sent via TCP and are thus multiplexed in TCP stream frames the filter displays a "matching" result which contains 2 packets: - 1 with 487 response which I am interested in but for subscribers that I'm "not" interested in ... so the packet is useless - 1 with other response (180 Ringing) which I'm "not" interested in but for subscribers that I am interested in ... so this packet is also useless According to my opinion this is a bug in wireshark. My intention is to display frames in which the filter criteria match in the "same" packet so in theory these packets should be excluded. If yes how I can report it? If no, does anyone happen to know how I can "filter out" these packets and display only the ones that match both criteria in the same packet? Thanks in advance Manolis
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- SIP filter issues Manolis Katsidoniotis (Jan 16)
- Re: SIP filter issues Guy Harris (Jan 16)
- Re: SIP filter issues Manolis Katsidoniotis (Jan 16)
- Re: SIP filter issues Guy Harris (Jan 16)
- Re: SIP filter issues Manolis Katsidoniotis (Jan 16)
- Re: SIP filter issues Guy Harris (Jan 16)