Re: Question about filtering

[Sake Blok <sake () euronet nl>]

And then in the graph, click on the point where the communication drops one-side and the corresponding packet will be 
selected in the packet-list. 

You can also do it with filtering and searching. First determine which side stops communicating. Now apply the filter 
"ip.src==<IP-of-side-not-communicating>". In the beginning of the trace, check the delta time between the frames, this 
should be a rather constant value. Now open "Edit -> Find Packet" and do a search based on the display filter 
"frame.time_delta_displayed > X" where X is just a little bit bigger than the interval at which the RTP frames were 
sent.

Cheers,
Sake


On 5 dec 2011, at 08:04, Boonie wrote:

> Try this:
>  
> Go to Statistics > IO Graphs
>  
> Make two filters like : ip.src == x.x.x.x 
> And ip.dst == x.x.x.x
>  
> Regards,
>  
> Dave
>  
> ----- Original Message -----
> From: FS
> To: wireshark-users () wireshark org
> Sent: Monday, December 05, 2011 5:22 AM
> Subject: [Wireshark-users] Question about filtering
>
> Greetings!
>
> I'm investigating audio-loss for a VoIP implementation. When I listen to the RTP stream, I can see that at a certain 
> point in the conversation one party starts to "not hear" the other side. In other words, one-way audio muting is 
> happening. 
>
> My question is how do I correlate that particular muting which I can deduce (from one side in question repeating 
> their hellos again and again) in the stream to a packet-stream in wireshark? So how do I know the point where the 
> packets start to get lost in the conversation from the side that muted? (It's a 100 meg capture)
>
> One way I can think of is to go through the capture packet-by-packet and see where only packets from one side start 
> showing up in the capture, but is there another more elegant way to do this? Can I write a filter in such a way that 
> it finds the packets coming only from one side in succession whereas it should be a to-and-fro that should be 
> reported? 
>
> Hoping that I asked the question clearly. If not, please let me know if more information is needed and/or you know 
> the hidden trick that I seem to be missing :-)
>
> Thanks,
> Basti Ji
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request () wireshark org?subject=unsubscribe
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe