SIP filter issues

[Manolis Katsidoniotis <manoska () gmail com>]

Hello everyone

I have the following question.

I am filtering a wireshark trace with

((sip.Status-Code==487)&&(sip.to.user contains 46710000))

In other words my intended action is
"please display all 487 status lines for subscribers 46710000* "
or something like: "please show the failed calls for subscribers 46710000* "

however some packets are sent via TCP and are thus multiplexed in TCP
stream frames
the filter displays a "matching" result which contains 2 packets:

- 1 with 487 response which I am interested in but for subscribers that I'm
"not" interested in ... so the packet is useless

- 1 with other response (180 Ringing) which I'm "not" interested in but for
subscribers that I am interested in ... so this packet is also useless

According to my opinion this is a bug in wireshark.
My intention is to display frames in which the filter criteria match in the
"same" packet
so in theory these packets should be excluded.

If yes how I can report it?

If no,
does anyone happen to know
how I can "filter out" these packets and display only the ones that match
both criteria in the same packet?




Thanks in advance
Manolis

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe