First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

I have packet bytes in SIP but I can not see the messages

  • retag add tags

HI Fellows

I have the following doubt.

I received a pcap from another colleague I am seeing that the trace only has the frame and length, but when I view as packet bytes I can see couple of SIP information. I was trying different way to try to decode this packets, but I have not idea why I am not able to see it. Anything that I need to check in the frame and later do it to be able to decode and see the complete SIP messages?

Regards, Guillermo

Guillermo's avatar
1
Guillermo
asked 2024-01-24 01:43:21 +0000
edit flag offensive 0 remove flag close merge delete

Comments

Hi Fellows, If someone has any hints just let me know.

Regards

Guillermo's avatar Guillermo (2024-01-29 15:37:03 +0000) edit
more
  • delete

Sharing a capture file goes a long way. An image (even if it was visible) doesn't reveil enough information.

Jaap's avatar Jaap (2024-01-29 17:29:33 +0000) edit
more
  • delete
add a comment see more comments

1 Answer

0

The most common issue is that someone runs tcpdump with the -f option but fails to add the -s 0 option. So you don't have the full packets.

hugo.vanderkooij's avatar
76
hugo.vanderkooij
answered 2024-01-24 10:23:06 +0000
edit flag offensive 0 remove flag delete link
more

Comments

Thanks a lot,

But there is any way to resolve from my site or I need to request the colleague to run the tcpdump back again?

The same thing is happening when I receive a trace for ISUP. I see the trace as DLT_User 162, then I set as the image and I am only seeing the CIC info.

image description

I really appreciate a lot all your help.

Regards, Guillermo

Let me know if you are able to see the attachment files.

Guillermo's avatar Guillermo (2024-01-24 13:51:31 +0000) edit
more
  • delete

DLT = User 15 (DLT=162) Payload protocol = isup Header size = 0 Header protocol = ? I don´t know if I need to define something here Trailer size = 0 Trailer protocol =? I don´t know if I need to define something here

Guillermo's avatar Guillermo (2024-01-24 13:55:07 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer