SIP DisplayFilter doesn't work in Wireshark 4

asked 2022-10-27 09:37:21 +0000

asterisk
1 ●1 ●2

Hi.

This SIP Display filter doesn't no longer work in Wireshark 4.

I normally use SIP contains <number> when I'm looking for an trace but that does not show any results anymore. When I did open the same file in Wireshark 3.6 it worked as intended.

Regards

edit retag flag offensive close merge delete

add a comment

1 Answer

Sort by » oldest newest most voted

answered 2022-10-27 12:31:23 +0000

Chuckc
2858 ●5 ●567 ●19

updated 2022-10-27 12:42:39 +0000

Are you searching for a <number> or a "string that respresents <number>"?

There have been changes to how display filters work: What’s New In Wireshark 4.0?

Sample capture: aaa.pcap Sample SIP and RTP traffic.

sip contains "97239287044"

Measurement             Captured              Displayed              Marked
Packets                   691                 33 (4.8%)                         —

Case matters - using SIP or sip?

(Version 4.0.1 (v4.0.1-0-ge9f3970b1527).)

edit flag offensive delete link

Comments

Ah I did notice now that it seems to require "" around the number, did download the aaa.pcap and tried with it. In Wireshark 4 you must type sip contains "351047" to make it work.

asterisk ( 2022-10-27 20:08:36 +0000 )edit

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2022-10-27 09:37:21 +0000

Seen: 600 times

Last updated: Oct 27 '22

SIP DisplayFilter doesn't work in Wireshark 4 edit