Wireshark-users: [Wireshark-users] [Ubuntu-Wireshark1.2.2-SIP] I cannot see some packets with a b
Hi all
I'm using Ubuntu Jaunty.
I installed Wireshark from the official package with the "apt-get" command, and
it set up Wireshark 1.0.7 on my computer.
I had some issues with capture filters with this version (I'll develop the
issue below).
That's why I thought it was a 1.0.7 bug, and I downloaded 1.2.2 version from
this site:
http://linux.softpedia.com/get/Internet/HTTP-WWW-/Ethereal-1961.shtml
I moved files in my computer -> /opt/
I read the INSTALL file and did the following:
./configure
I had some problems because there were missing libraries, like flex, bison or
libgtk2.0-dev, but I installed all these libraries, I did a make, and compiled
Wireshark 1.2.2.
I launched it, it was working, but I had the same issue as in 1.0.7.
So, it's not a bug!!! :)
The issue:
I'm trying to capture SIP traffic
If I launch a capture without any filters, I can see some SIP packets in the
network: REGISTER, 401 UNAUTHORIZED, 200 OK...
all these SIP messages are working with UDP and port 5060 (for source AND
destination)
If I launch with a capture filter (I tried a lot of filters: udp, port 5060,
src port 5060, udp port 5060, host xxx.xxx.xxx.xxx, ...) I cannot see REGISTERs
(or all sip requests in general) anymore for all these filters.
I’m able to see these packets without a filter... Why can’t I see them with the
filter?
Some friend told me it's a libpcap problem. The libpcap version in my computer
is 1.0.0-1 (almost the last one)
What's going on??? I really don't understand.
I had some capture filters for wireshark under Windows XP, I put the same
filters for Wireshark under Ubuntu (for 2 Wireshark versions) and it doesn't
work...
It's really strange.
If someone has a solution, it would be a salvation for me.
Thanks in advance
Best regards
Ketzaldev