Ethereal-users: [Ethereal-users] Find RTP ports and SIP Capture Syntax
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: "Andrena Lefdahl" <ALefdahl@xxxxxxxxxxxxxx>
Date: Tue, 16 May 2006 09:27:33 -0500
Andrena Lefdahl wrote:

> "Q: What is a good filter for just capturing SIP and RTP packets?
>
> port sip
>
> should capture both TCP and UDP traffic to and from that port (if one of
> those filters gets "parse error", try using 5060 instead of sip). For
> SIP traffic to and from other ports, use that port number rather than
> sip.
>
> For RTP packets, you would have to determine one of the port numbers
> that would be used, and specify that port number."
>
> Here are my questions:
>
> 1. port sip is what I need to type into the filter space to get SIP
> traffic right?

Assuming the SIP traffic is going to or from port 5060, the standard SIP port (and that your OS's getservbyname database has an entry for sip), yes. If it doesn't have an entry for sip, that'll get an error - try "port 5060" instead. If the SIP traffic isn't going to or from the standard port, you'd have to specify that port number.

> 2. It says I have to determine one of the port numbers for RTP, it
> uses several port numbers, will just specifying one of them pick up the
> rest of the RTP traffic?

No. The filter won't be looking for RTP traffic, it'll be looking for traffic to or from the particular port number or numbers, so you have to specify all of them in advance.

> 3. So now what is the full syntax that I would type in the filter
> box to answer: "What is a good filter for just capturing SIP and RTP
> packets?"

The answer depends on the port numbers RTP happens to be using.

MORE QUESTIONS FROM MY QUESTIONS:

1. How in the world do you find out all the ports that RTP will be using?

2. I still would like an example of what the syntax would be (setting up the capture filter) for both SIP and RTP traffic. Just pretend we know what ports RTP are on.

Thank You
Andrena
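
Added example, not part of the original message or of Ethereal's own code: SIP endpoints announce their RTP ports in the SDP body of the INVITE and its answer (the "m=" lines), so the port list can be read from an earlier SIP-only capture and turned into a capture filter. The sample messages are constructed, the function names are hypothetical, and RTCP is assumed to use the RTP port plus one (the default convention).

```python
import re

# Constructed sample SIP messages with SDP bodies (not from the thread).
INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "m=audio 49170 RTP/AVP 0 8\r\n"
)
OK_200 = (
    "SIP/2.0 200 OK\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "c=IN IP4 192.0.2.20\r\n"
    "m=audio 30000 RTP/AVP 0\r\n"
    "m=video 30002/2 RTP/AVP 31\r\n"
)

# SDP media line: m=<media> <port>[/<number of ports>] <proto> <formats>
M_LINE = re.compile(r"^m=(\w+) (\d+)(?:/(\d+))? (\S+)", re.MULTILINE)

def rtp_ports(sip_message):
    """Return the UDP ports announced for RTP (and paired RTCP) in the SDP body."""
    _, _, body = sip_message.partition("\r\n\r\n")
    ports = set()
    for _media, port, count, proto in M_LINE.findall(body):
        port = int(port)
        if port == 0 or not proto.startswith("RTP/"):
            continue  # port 0 means the stream was rejected; skip non-RTP media
        for i in range(int(count or 1)):
            rtp = port + 2 * i
            ports.update((rtp, rtp + 1))  # assumption: RTCP on RTP port + 1
    return ports

def capture_filter(messages, sip_port=5060):
    """Build a libpcap capture filter for SIP plus every announced RTP/RTCP port."""
    ports = set()
    for msg in messages:
        ports |= rtp_ports(msg)
    terms = ["port %d" % sip_port]
    terms += ["udp port %d" % p for p in sorted(ports)]
    return " or ".join(terms)

if __name__ == "__main__":
    print(capture_filter([INVITE, OK_200]))
```

Because the ports are only known once the signalling has been seen, a filter built this way covers calls whose SDP was already captured; new calls may negotiate different ports.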