Wireshark Filters

Wireshark or Ethereal traces can be filtered to show exactly what you need. The Wireshark website has an awesome Display Filter Reference, but it isn’t always clear how to use the filters it lists. This post aims to provide a handful of filters and show how to use them.

Filter a SIP Trace by Call ID

If you know the Call ID of a call, you can filter the trace down to that call the following way:

sip.Call-ID contains 2211178-3446291419-730335

where 2211178-3446291419-730335 is the Call ID. Some Call IDs contain other characters that Wireshark may not like (you can tell by the color of the filter field), so you may have to play with it a bit to find a string that is still unique but contains only “valid” characters.

How do you get a Call ID? Well, you would have to look through the first INVITE message to get this piece of information.
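The two steps above, as an added example that is not part of the original post: it pulls the Call ID out of the first INVITE in a set of SIP messages and builds the filter with the value as a double-quoted string, which is standard display filter syntax and accepts characters such as @. The sample messages, hosts and function names are constructed for illustration.

```python
import re

# Constructed sample: two SIP messages as they might be copied out of a trace.
SAMPLE_MESSAGES = [
    "OPTIONS sip:pbx.example.com SIP/2.0\r\n"
    "Call-ID: keepalive-1@10.0.0.5\r\n"
    "CSeq: 1 OPTIONS\r\n\r\n",
    "INVITE sip:1001@pbx.example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.0.0.5:5060\r\n"
    "i: 2211178-3446291419-730335@10.0.0.5\r\n"
    "CSeq: 1 INVITE\r\n\r\n"
    "v=0\r\n",
]

# The header name is case-insensitive and has the compact form "i" (RFC 3261).
CALL_ID_HEADER = re.compile(r"^(?:call-id|i)[ \t]*:[ \t]*(\S+)[ \t]*$", re.IGNORECASE)


def first_invite_call_id(messages):
    """Return the Call ID of the first INVITE request, or None if there is none."""
    for message in messages:
        # Only the header section counts; anything after the blank line is body (SDP).
        head = re.split(r"\r?\n\r?\n", message, maxsplit=1)[0]
        lines = re.split(r"\r?\n", head)
        if not lines[0].startswith("INVITE "):
            continue  # responses and other request methods are skipped
        for line in lines[1:]:
            match = CALL_ID_HEADER.match(line)
            if match:
                return match.group(1)
    return None


def call_id_filter(call_id):
    """Build a display filter with the Call ID as a double-quoted string."""
    # Inside a quoted display filter string, backslash and double quote are escaped.
    escaped = call_id.replace("\\", "\\\\").replace('"', '\\"')
    return f'sip.Call-ID contains "{escaped}"'


if __name__ == "__main__":
    print(call_id_filter(first_invite_call_id(SAMPLE_MESSAGES)))
```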


