This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Tshark command for the wireshark operation


Hi, we are using Wireshark to analyse some SIP messages. Some of the SIP messages are coming as "Malformed packets" (15 0.429555 2606:ae00:93a0:3cf3:0:25:410f:901 2001:1890:1001:2c00::7:5 IPA 1909 unknown 0x47 [Malformed Packet]). If I do the following steps, I can get the actual message: right-click the msg -> select the option Decode As... -> select the option "Do not decode" -> select the option "both" in the drop-down box "TCP" -> click the OK button.

I would like to know if there is a corresponding tshark command for the above operation.

Regards, Eldho

asked 18 Apr '13, 03:47


Eldho


One Answer:


In Wireshark, disable the IPA dissector; its heuristics are too loose in that they pick up SIP traffic as well.

answered 18 Apr '13, 04:21


Jaap ♦

Hi Jaap, thanks for the reply. But my objective is to get the command-line option so that we can automate the operation.

(18 Apr '13, 05:19) Eldho
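
One way to script the answer above, as an added example that is not part of the original thread: recent tshark releases accept `--disable-protocol <filter name>`, and `tshark -G protocols` lists each dissector's filter name in its third tab-separated column. The function names and the "exactly one match" rule are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): run tshark with one dissector disabled,
# looking the dissector's filter name up instead of hard-coding it.

# Print the filter name (3rd tab-separated column of `tshark -G protocols`)
# of every protocol whose full or short name contains the string $1.
proto_filter_names() {
    tshark -G protocols 2>/dev/null |
        awk -F '\t' -v want="$1" '
            index(tolower($1 "\t" $2), tolower(want)) { print $3 }'
}

# Read capture $1 with the single protocol matching $2 disabled and print
# only the frames that match display filter $3 (default: sip).
# Returns 1 if nothing matches $2, 2 if more than one dissector matches.
read_without_proto() {
    capture=$1; want=$2; filter=${3:-sip}
    names=$(proto_filter_names "$want")
    if [ -z "$names" ]; then
        echo "no dissector matches '$want'" >&2
        return 1
    fi
    # Refuse to guess: disabling the wrong dissector hides traffic silently.
    set -- $names
    if [ "$#" -ne 1 ]; then
        echo "'$want' is ambiguous: $*" >&2
        return 2
    fi
    tshark -r "$capture" --disable-protocol "$1" -Y "$filter"
}

# Usage: ./read_without_proto.sh <capture> <name fragment> [display filter]
if [ "$#" -ge 2 ]; then
    read_without_proto "$@"
fi
```

Pass a fragment of the dissector's name as shown in Wireshark's Enabled Protocols dialog; the script stops rather than disabling anything when the fragment matches zero or several dissectors.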