Created attachment 13356 [details]
example SIP capture
Build Information:
TShark (Wireshark) 1.99.2-422-gb90f784
Copyright 1998-2015 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with libpcap, without POSIX capabilities, with libz 1.2.3,
with GLib 2.36.0, with SMI 0.4.8, without c-ares, without ADNS, with Lua 5.2,
with GnuTLS 2.12.19, with Gcrypt 1.5.0, with MIT Kerberos, with GeoIP.
Running on Mac OS X 10.9.5, build 13F34 (Darwin 13.4.0), with locale
en_US.UTF-8, with libpcap version 1.3.0 - Apple version 41, with libz 1.2.5,
with GnuTLS 2.12.19, with Gcrypt 1.5.0.
Intel(R) Core(TM) i7-4960HQ CPU @ 2.60GHz (with SSE4.2)
Built using llvm-gcc 4.2.1 (Based on Apple Inc. build 5658) (LLVM build
2336.9.00).
--
On Mac OS X 10.9, the nightly build of 1.99.2 seems to mangle SIP protocol
decodes, but my local development build does not.
This may be related to bug 10798.
In the attached capture, running the automated build tshark produces this:
1 0.000000 11.0.0.10 -> 192.168.0.103 UDP 834 Source port: 5060
Destination port: 5060
2 0.018346 192.168.0.103 -> 11.0.0.10 SIP 382 Status: 100 Tryi |
3 0.311731 192.168.0.103 -> 11.0.0.10 SIP 423 Status: 180 Ring |
4 1.615377 192.168.0.103 -> 11.0.0.10 SIP 672 Status: 200 OK\r\n |
5 1.626218 11.0.0.10 -> 192.168.0.103 UDP 461 Source port: 5060
Destination port: 5060
6 1.633798 192.168.0.103 -> 11.0.0.10 UDP 214 Source port: 16388
Destination port: 21068
7 1.653753 192.168.0.103 -> 11.0.0.10 UDP 214 Source port: 16388
Destination port: 21068
8 1.664795 11.0.0.10 -> 192.168.0.103 UDP 214 Source port: 21068
Destination port: 16388
9 1.665787 11.0.0.10 -> 192.168.0.103 UDP 214 Source port: 21068
Destination port: 16388
10 46.369420 192.168.0.103 -> 11.0.0.10 UDP 485 Source port: 5060
Destination port: 5060
11 46.391963 11.0.0.10 -> 192.168.0.103 SIP 504 Status: 200 OK\r\n |
On my local development build, tshark produces this:
1 0.000000 11.0.0.10 -> 192.168.0.103 SIP/SDP 834 Request: INVITE
sip:[email protected]:5060 |
2 0.018346 192.168.0.103 -> 11.0.0.10 SIP 382 Status: 100 Trying |
3 0.311731 192.168.0.103 -> 11.0.0.10 SIP 423 Status: 180 Ringing |
4 1.615377 192.168.0.103 -> 11.0.0.10 SIP/SDP 672 Status: 200 OK |
5 1.626218 11.0.0.10 -> 192.168.0.103 SIP 461 Request: ACK
sip:[email protected]:5060 |
6 1.633798 192.168.0.103 -> 11.0.0.10 RTP 214 PT=ITU-T G.711 PCMU,
SSRC=0x459E634, Seq=17861, Time=0, Mark
7 1.653753 192.168.0.103 -> 11.0.0.10 RTP 214 PT=ITU-T G.711 PCMU,
SSRC=0x459E634, Seq=17862, Time=160, Mark
8 1.664795 11.0.0.10 -> 192.168.0.103 RTP 214 PT=ITU-T G.711 PCMU,
SSRC=0x36A27E0D, Seq=57785, Time=0
9 1.665787 11.0.0.10 -> 192.168.0.103 RTP 214 PT=ITU-T G.711 PCMU,
SSRC=0x36A27E0D, Seq=57786, Time=0
10 46.369420 192.168.0.103 -> 11.0.0.10 SIP 485 Request: BYE
sip:[email protected]:5060;transport=udp |
11 46.391963 11.0.0.10 -> 192.168.0.103 SIP 504 Status: 200 OK |
My local dev build (ga3c705) version output:
TShark (Wireshark) 1.99.2
Copyright 1998-2015 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with libpcap, without POSIX capabilities, with libz 1.2.8,
with GLib 2.36.0, with SMI 0.4.8, with c-ares 1.10.0, with Lua 5.2, with GnuTLS
3.1.22, with Gcrypt 1.5.3, with MIT Kerberos, with GeoIP.
Running on Mac OS X 10.9.5, build 13F34 (Darwin 13.4.0), with locale
en_US.UTF-8, with libpcap version 1.6.2, with libz 1.2.8, with GnuTLS 2.12.19,
with Gcrypt 1.5.0.
Intel(R) Core(TM) i7-4960HQ CPU @ 2.60GHz (with SSE4.2)
Built using clang 4.2.1 Compatible Apple LLVM 6.0 (clang-600.0.56).