It looks like your session initiation is encrypted (Begin Frame 406).
Immediately after DNS query voipb.sip.yahoo.com (Frames 397 - 398) with
answers in (Frames 403 -405). You will not be able to decrypt any of the
setup exchange. :(
Robert D. Scott Robert@xxxxxxx
Senior Network Engineer 352-273-0113 Phone
CNS - Network Services 352-392-2061 CNS Phone Tree
University of Florida 352-392-9440 FAX
Florida Lambda Rail 352-294-3571 FLR NOC
Gainesville, FL 32611 321-663-0421 Cell
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of vishal borkar
Sent: Wednesday, March 24, 2010 1:28 AM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] One IP-Port pair missing in the pcap file
Hello all,
I recently captured a yahoo voice communication between my machine and a
friend.
What i observed was that when i opened the file in a text editor i could not
find the port and the IP of my system on which the actual communication took
place.
FYI my ip ( on which the UDP data travelled ):-192.168.0.230 Port(on which
the UDP data travelled ):- 22308
Though i can clearly see the communication happening on this IP-port pair
when i opened the file in Wireshark.
Can anyone tell me as to why this is happening ?
What i mean is aren't the SIP packets supposed to carry this information ?
Since they are not carrying this information then how is the communication
taking place ?
I am attaching the file for your reference.
Thanks in advance,
Vishal
