asked 2024-06-13 05:22:58 +0000

hyemin gravatar image

Each PC displays the SIP msg in wireshark cut off. Both are using same program version and there are no filtere values, but i dont understand the reason.

If your other question is just adding information that's relevant to this question, add a comment to this question. I'm reopening it so that you can do so.

Guy Harris gravatar imageGuy Harris ( 2024-06-18 07:56:38 +0000 )edit

answered 2024-06-13 17:59:49 +0000

SYN-bit gravatar image

Is the More Fragments bit in the IP header of the SIP packets set? If so, that indicates that fragmentation was needed to transfer the SIP requests and/or responses. If a capture filter was used, then the following fragment would not be saved, resulting in partial SIP requests/responses.

It could also be that the capture was made with packet slicing, you would see that in the frame info where it will say something like 1045 bytes on wire, 500 bytes captured

In both cases you would need to make captures again (with different settings) to make sure you capture all data.

If neither of those is the case, it's hard to tell what is going on, without seeing the capture

