Wireshark-bugs: [Wireshark-bugs] [Bug 11420] Wire Shark Not Capturing register, invite , 200 ok

Date: Tue, 11 Aug 2015 11:36:09 +0000

changed bug 11420


What Removed Added
CC   [email protected]

Comment # 2 on bug 11420 from
(In reply to Abhisek from comment #0)
> Build Information:
> Version 1.8.3 (SVNRev 45256 from /trunk-1.8)
> --
> I'm trying to capture a call flow from web client to another web client
> using wireshark & tcpdump. This call flow is based on webrtc, sip & web
> clients.


There are two problems:

1) In previous releases Wireshark couldn't correctly decode SIP inside
websocket masked payload. This is now fixed in the latest development releases
(1.99.8, for example), but not in your 1.8.3, nor even 1.12.6.  Also, you must
explicitly tell wireshark that the websocket payload is SIP, by setting the
websocket protocol preferences: go to Edit->Preferences->Protocols->Websocket,
and select "SIP" from the drop-down box.  Again, you'll need to be using
wireshark version 1.99.8 to have this work.

2) The second problem is your SIP over Websocket server: it's setting the
response frames to have a websocket opcode for "binary" instead of "Text",
which is just wrong. Your client correctly sets the opcode to "text", but the
response from the server are not.  So wireshark won't decode those "binary" SIP
messages from the server to the client as SIP even in 1.99.8; but it will
decode the messages from the client to the server.


(In reply to Jaap Keuter from comment #1)
> Does the Gateway do DTLS termination? I see in the client capture at frame
> 778 that a DTLS connection is established, which may conceal the SIP
> messages you look for.

No it's there - just do a display filter for "websocket" and you'll see the
packets with SIP inside the websocket payload.


You are receiving this mail because:
  • You are watching all bug changes.