Wireshark mailing list archives

Re: SIP trace with tshark?

From: Jaap Keuter <jaap.keuter () xs4all nl>
Date: Sun, 6 Sep 2020 14:02:04 +0200

On 6 Sep 2020, at 10:59, Nicholas Saunders <saunders.nicholas () gmail com> wrote:

How do I monitor port 5060 for SIP traffic?  Something like:


sudo  tshark -d udp.port==5060,http

obviously, not http.



thanks,


Nick


Hi,

By default the SIP dissector is quite capable to pick up UDP packets on port 5060 for itself, so configuration like 
this is usually not needed. Otherwise see what ‘sip’ instead of ‘http’ brings.

Thanks,
Jaap

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

SIP trace with tshark? Nicholas Saunders (Sep 06)
- Re: SIP trace with tshark? Jaap Keuter (Sep 06)
  - Re: SIP trace with tshark? Nicholas Saunders (Sep 06)
    - Re: SIP trace with tshark? Graham Bloice (Sep 07)
- Re: SIP trace with tshark? Nutkins, Tom (Sep 06)