Wireshark-users: Re: [Wireshark-users] filter application layer frames during capture kernel (SIP
From: Manolis Katsidoniotis <manoska@xxxxxxxxx>
Date: Wed, 24 Jan 2018 14:31:21 +0000
Hello

Thanks.
Yes further to Guy's comment,
due to high traffic coming from servers which are faster than the capture equipment,
I need to filter during capture otherwise
specific frames which I need are dropped
while others that I don't need are captured.

Thanks
Manolis

On Tue, Jan 23, 2018 at 11:43 AM Guy Harris <guy@xxxxxxxxxxxx> wrote:
On Jan 23, 2018, at 5:31 AM, Dignam, Mark <Mark.Dignam@xxxxxxxx> wrote:

> Yeah in the filter option just add in sip contains XXXXXX (where XXXXXX is the MSISDN or part there of)

That's a *display* filter, so it won't filter out packets during the capture process.

Filtering specific SIP packets at capture time is much harder; see the ask.wireshark.com answer to which Anders pointed.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe