I have a packet that contains thousands of calls. I am trying to look at http packets that are related to a specific Call-ID. is there a way i can filter my PCAP to just show the SIP messages and http packets related to specific Call-ID.
To display all SIP packets with the same Call-ID, you can use the filter sip.Call-ID == <call-id>, the easiest way to do that is to open up the SIP details in the details pane and then drag the line that starts with "Call-ID" to the filter bar.
As HTTP and SIP are different protocols, there is no inherent relationship between the HTTP packets and the SIP packets. If there are HTTP packets related to the SIP call setup, do they have a mutual identifier in the headers? Is the Call-ID for instance listed in an HTTP header? In that case, you can filter on the specific header containing the Call-ID value. But that would be specific for your setup, so without knowing how this relationship is visible in the packets, it is not possible to advice you on how to filter in this specific case.
That's the type of thing MATE is good for: 12.5. MATE’s configuration tutorial
There have been some recent fixes to it so you may want to test with recent code.
Can you provide a small sample capture if there are further questions?
I'll look into it but it seems to complicated for me. Sorry due to company policies i can't share the pcap. I thought there would be a filer that i can use.
Comments