Ethereal-users: Re: [Ethereal-users] how to filter VoIP using ethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Martin Regner" <martin.regner@xxxxxxxxx>
Date: Sun, 25 Jan 2004 19:42:38 +0100
ferdiansyah ferdiansyah  wrote:
> I have a problem, I cannot filter packets of VoIP with
> ethereal.
>
> I want to ask this mailing list, how can I filter packets
> of VoIP using ethereal? And what is the string for
> VoIP?

There are several different protocols used for Voice over IP.

Ethereal supports several different VoIP protocols, but there are probably
several VoIP protocols that are not supported (mainly proprietary
protocols).

I think that you have to try to find out more details about what protocols
are used in your VoIP scenario (both for signalling, e.g.
H.323/SIP/Megaco/MGCP/Skinny and for media transport, e.g. RTP) and check if
Ethereal supports any of these protocols.
http://www.ethereal.com/faq.html#q1.2
Maybe you can also try to find out what server port numbers (TCP and/or UDP)
are used for your equipment.

There is some information about different VoIP protocols on the
www.protocols.com web site:
http://www.protocols.com/pbook/VoIP.htm

You may need to use the "Decode As..." menu item to get RTP packets decoded
as RTP packets.
http://www.ethereal.com/faq.html#q5.30

Ethereal supports e.g. the following VoIP or VoIP-related protocols (at
least partly):

RTP  (display filter: rtp)
RTCP (display filter: rtcp)

H.323-protocols H.245 and H.225.0  (display filter: h245 or h225)

SIP (display filter: sip)

SDP (display filter: sdp)

H.248/Megaco (display filter: megaco)

MGCP (display filter: mgcp)

Skinny (display filter: skinny)

You cannot use these filters as capture filters, only as display filters, and
it will only work to filter on e.g. "rtp" if Ethereal
really decodes the packets as RTP packets (i.e. you may have to use Decode
As...).
So the best may be to start with capturing without a capture filter before
you have found what protocols and ports are used.
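
RTP ports are negotiated per call rather than fixed, which is why the "rtp" display filter matches nothing until the right UDP port is decoded as RTP. The following is an added example, not part of the original post: a Python sketch that scans UDP payloads for RTP-like headers to suggest which ports to try with Decode As. The function names, thresholds and sample traffic are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

def parse_rtp_header(payload: bytes):
    """Return (payload_type, seq, ssrc) if the bytes look like an RTP header, else None."""
    if len(payload) < 12:                 # fixed RTP header is 12 bytes
        return None
    b0, b1, seq, _ts, ssrc = struct.unpack("!BBHII", payload[:12])
    if b0 >> 6 != 2:                      # version field must be 2
        return None
    pt = b1 & 0x7F
    if 72 <= pt <= 76:                    # collides with RTCP packet types 200-204
        return None
    return pt, seq, ssrc

def find_rtp_ports(datagrams, min_packets=3):
    """datagrams: iterable of (src_port, dst_port, udp_payload).
    Returns sorted destination ports whose traffic behaves like an RTP stream:
    one SSRC with sequence numbers mostly increasing by one (mod 2**16)."""
    streams = defaultdict(list)
    for _sport, dport, payload in datagrams:
        hdr = parse_rtp_header(payload)
        if hdr:
            _pt, seq, ssrc = hdr
            streams[(dport, ssrc)].append(seq)
    ports = set()
    for (dport, _ssrc), seqs in streams.items():
        if len(seqs) < min_packets:       # a single lucky match is not a stream
            continue
        in_order = sum(1 for a, b in zip(seqs, seqs[1:]) if (b - a) & 0xFFFF == 1)
        if in_order >= (len(seqs) - 1) * 0.8:   # tolerate some loss or reordering
            ports.add(dport)
    return sorted(ports)

def make_rtp(seq, ssrc=0x1234ABCD, pt=0):
    # Constructed sample packet: V=2, no padding/extension/CSRC, PT 0 (PCMU)
    return struct.pack("!BBHII", 0x80, pt, seq & 0xFFFF, seq * 160, ssrc) + b"\xff" * 160

# Constructed sample traffic: one RTP stream to UDP port 16384 whose sequence
# numbers wrap around, a DNS-like query, and unrelated datagrams that happen to
# start with 0x80 but have changing SSRCs and jumping sequence numbers.
SAMPLE = [(5004, 16384, make_rtp(s)) for s in range(65533, 65540)]
SAMPLE += [(40000, 53, b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03www")]
SAMPLE += [(40001, 9999, bytes([0x80, 0, 0, i * 7, 0, 0, 0, 0, 0, 0, 0, i])) for i in range(5)]

if __name__ == "__main__":
    print(find_rtp_ports(SAMPLE))
```

A port reported here is only a candidate; confirming it still means applying Decode As to that port and checking that the decoded stream makes sense.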