Wireshark · Wireshark-users: Re: [Wireshark-users] SIP trace with tshark?

Wireshark-users: Re: [Wireshark-users] SIP trace with tshark?

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>

Date: Sun, 6 Sep 2020 14:02:04 +0200

> On 6 Sep 2020, at 10:59, Nicholas Saunders <saunders.nicholas@xxxxxxxxx> wrote:
> 
> How do I monitor port 5060 for SIP traffic?  Something like:
> 
> 
> sudo  tshark -d udp.port==5060,http
> 
> obviously, not http.
> 
> 
> 
> thanks,
> 
> 
> Nick

Hi,

By default the SIP dissector is quite capable to pick up UDP packets on port 5060 for itself, so configuration like this is usually not needed. Otherwise see what ‘sip’ instead of ‘http’ brings.

Thanks,
Jaap

Follow-Ups:
- Re: [Wireshark-users] SIP trace with tshark?
  - From: Nicholas Saunders

References:
- [Wireshark-users] SIP trace with tshark?
  - From: Nicholas Saunders

Prev by Date: Re: [Wireshark-users] SIP trace with tshark?
Next by Date: Re: [Wireshark-users] SIP trace with tshark?
Previous by thread: Re: [Wireshark-users] SIP trace with tshark?
Next by thread: Re: [Wireshark-users] SIP trace with tshark?
Index(es):
- Date
- Thread