Hi all
I have a problem building a capture filter.
I read http://wiki.wireshark.org/CaptureFilters and the tcpdump man page, but there is not a lot of information about filters.
I tried these filters:
port 5060 -> I can capture SIP traffic, but only one traffic side (requests)
vlan and port 5060 -> I can capture SIP traffic, but only the other side (responses)
port 5060 or (vlan and port 5060) -> I can capture traffic for both sides.
It was the same for the Diameter protocol:
port 3868 -> I can capture Diameter traffic, but only one traffic side (requests)
vlan and port 3868 -> I can capture Diameter traffic, but only the other side (responses)
port 3868 or (vlan and port 3868) -> I can capture traffic for both sides.
Now if I do
port 5060 or (vlan and port 5060) or port 3868 or (vlan and port 3868) -> I can capture Diameter for both sides, but SIP only for responses (as if the first expression "port 5060" was omitted)...
I really don't know how to manage that. I tried a lot of combinations, but it doesn't work.
I can't find good documentation or a tutorial about tcpdump capture filtering.
I hope you can help.
Thanks in advance
Louis