Wireshark-users: Re: [Wireshark-users] SIP trace with tshark?

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Sun, 6 Sep 2020 14:02:04 +0200
> On 6 Sep 2020, at 10:59, Nicholas Saunders <saunders.nicholas@xxxxxxxxx> wrote:
> 
> How do I monitor port 5060 for SIP traffic?  Something like:
> 
> 
> sudo  tshark -d udp.port==5060,http
> 
> obviously, not http.
> 
> 
> 
> thanks,
> 
> 
> Nick

Hi,

By default the SIP dissector is quite capable to pick up UDP packets on port 5060 for itself, so configuration like this is usually not needed. Otherwise see what ‘sip’ instead of ‘http’ brings.

Thanks,
Jaap