Ethereal should normally succeed in decoding a SIP message even if it is not sent to or from port 5060. There is a heuristic SIP dissector that will decode messages that look like SIP messages (by looking for "SIP/2.0" in the header of the message).

However, my own experience is that it might miss some messages because the port number is used for some other protocol and Ethereal will try to dissect the message using that protocol instead.

If you have a capture and want to find the packets with "SIP/2.0", then you can use the following display filter:

udp contains "SIP/2.0"

You can then try to see if these packets are decoded by another dissector and maybe disable that protocol:

Analyze/Enabled Protocols...

----- Original Message -----
Sent: Thursday, May 26, 2005 1:57 PM
Subject: [Ethereal-users] How to discriminate SIP packet among UDP packets?

I know that the port number "5060" is used for SIP.
However, the port number of SIP which I captured with Ethereal is always not "5060".
For above reason, I want to know how to discriminate SIP packet among UDP packets in Ethereal?

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users
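
Added example, not part of the original thread and not Ethereal's dissector code: a port-independent check that separates UDP payloads whose first line is a SIP start line from payloads that merely contain the string "SIP/2.0" somewhere, which is all the display filter above tests. The function names, the simplified start-line patterns and the sample datagrams are assumptions constructed for illustration.

```python
import re

# Simplified SIP start-line shapes (assumption, based on RFC 3261):
# a request line ends with the version token, a status line begins with it.
REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ SIP/2\.0$")
STATUS_LINE = re.compile(rb"^SIP/2\.0 \d{3} .*$")


def classify_udp_payload(payload: bytes) -> str:
    """Return 'request', 'response', 'mention' or 'none' for one UDP payload."""
    first_line = payload.split(b"\r\n", 1)[0]
    if REQUEST_LINE.match(first_line):
        return "request"
    if STATUS_LINE.match(first_line):
        return "response"
    # Same test as `udp contains "SIP/2.0"`: the string occurs anywhere.
    if b"SIP/2.0" in payload:
        return "mention"
    return "none"


def find_sip(datagrams):
    """Return (src_port, dst_port, kind) for datagrams that start like SIP."""
    hits = []
    for src_port, dst_port, payload in datagrams:
        kind = classify_udp_payload(payload)
        if kind in ("request", "response"):
            hits.append((src_port, dst_port, kind))
    return hits


# Constructed sample datagrams (src port, dst port, payload); not a real capture.
SAMPLE = [
    (40000, 5062, b"INVITE sip:bob@example.com SIP/2.0\r\n"
                  b"Via: SIP/2.0/UDP 192.0.2.1:40000\r\n\r\n"),
    (5062, 40000, b"SIP/2.0 180 Ringing\r\n"
                  b"Via: SIP/2.0/UDP 192.0.2.1:40000\r\n\r\n"),
    # A log line that mentions the version string but is not a SIP message.
    (53000, 514, b"<134>proxy: forwarded request with version SIP/2.0 to peer"),
    (53001, 53, b"\x12\x34\x01\x00\x00\x01\x00\x00"),
]

if __name__ == "__main__":
    for hit in find_sip(SAMPLE):
        print(hit)
```

The "mention" case is the one to review by hand when a plain `contains` match returns more packets than expected.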