Wireshark-users: [Wireshark-users] Problem Filtering H323 Calls
From: "Keith French" <keithfrench@xxxxxxxxxxxxx>
Date: Mon, 24 Jul 2006 16:10:34 +0100
When you have multiple H.323 calls in a trace it is possible to build a display filter that will cut down the display to just the H.323, H.245, RTP & RTCP packets for one particular call. However, a far easier way is the "VoIP Calls" entry on the Statistics menu.
 
This worked fine up to including Ethereal V0.10.14, but all releases since that up to & including the current version of Wireshark (0.99.2), seem to function incorrectly.
 
With recent changes in 0.99.2pre1, it is better than before, in so much as it does list H323 calls, rather than just the packets. However, comparing it to Ethereal V0.10.14 it does not know any calling or called party numbers, nor does it list all of the calls and does not know the state of a call.
 
I can supply screen shots of the same trace opened in Ethereal & Wireshark as well as an example trace, if someone can look into this for me.
 
Keith French.
 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.10.3/395 - Release Date: 21/07/2006