can not see SIP protocol in my wireshark

  • retag add tags

When opening a file with SIP messages, my wireshark does not display the SIP messages. SIP is listed in enabled protocols.

file link: https://drive.google.com/drive/folder...

arq's avatar
1
arq
asked 2021-10-12 19:26:28 +0000, updated 2021-10-13 03:50:29 +0000
edit flag offensive 0 remove flag close merge delete

Comments

There is not enough information available to determine what the issue is. There could be many causes (traffic is on a "protected" Wi-Fi network so Wireshark would need the password to encrypt it, the traffic is on a non-standard port, the traffic is over TLS etc.), so we'd have to see the capture file to answer the question.

Guy Harris's avatar Guy Harris (2021-10-12 21:11:03 +0000) edit
more
  • delete

Thanks Gary for your comment. Actually it is not a problem with capture, it is an issue with my display. When I am opening a file with SIP messages, it does not display them as separate SIP protocol messages, it is showing within TCP. not sure how can I attach a file here. When I try to attach, it says >60 points required.

arq's avatar arq (2021-10-12 23:10:30 +0000) edit
more
  • delete

Put the capture file on a public share (Google, Dropbox, OneDrive, ...) then update your question with a link to the file.

Chuckc's avatar Chuckc (2021-10-12 23:48:56 +0000) edit
more
  • delete

Here is the link to pcap file - it should be accessible. Thanks https://drive.google.com/drive/folder...

arq's avatar arq (2021-10-13 03:19:55 +0000) edit
more
  • delete

Capture file indeed looks fine, showing SIP messages. Can you go and select a different profile in Wireshark and see what changes.

Jaap's avatar Jaap (2021-10-13 05:57:14 +0000) edit
more
  • delete
add a comment see more comments