Wireshark-users: Re: [Wireshark-users] H248 filter

From: "Francesco Cappuccio" <francesco.cappuccio@xxxxxxxxxxxx>
Date: Wed, 7 Apr 2010 13:08:16 +0200
We use signaling over UDP, and it is unuseful to use IP addresses, as signaling exchanged between MGC and VG has same IP addressing as udp data.
I should really find a way to filter efficiently udp port 2944 in both directions...


--
Francesco Cappuccio

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Anders Broman
Sent: mercoledì 7 aprile 2010 12.56
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] H248 filter

Hi,
Isn't the H.248 signaling over SCTP? IF so I thnk you can use SCTP as a fileter or SCTP port perhaps.
Alternatively use the IP address(es). Possibly the MGW IP address is only used for signaling.
regards
Anders
________________________________________
From: wireshark-users-bounces@xxxxxxxxxxxxx [wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Francesco Cappuccio [francesco.cappuccio@xxxxxxxxxxxx]
Sent: Wednesday, April 07, 2010 11:39 AM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] H248 filter

Hi,
I am actually trying to sniff some H248 traffic, as the number of lines increase I need o set up a capture filter to avoid all RTP content.

I tried the following filters:

"udp port 2944"
"port 2944"

They both works but I miss messages coming from the Virtual Gateway towards the MGC.

I am wondering if someone has better option to set up the capture filter, as "megaco" or "h248" are not working.

Thanks.


--
Francesco Cappuccio

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe