On 30/03/11 18:22, keithjamieson@hotmail.co.uk wrote:
Use Wireshark and then go to
Capture -> Options
Ensure the correct interface is selected in the drop down. Because you are capturing on the same machine you dont need "Capture packets in promiscuous mode" ( but I dont think it will harm you.
And in the field "Capture filter" enter "port 50000" then click "Start" and it will only capture stuff on the port.
Thanks, that's given me a Wireshark log. (And it looks like the problem I'm investigating is a firmware issue in the device I'm talking to, as the manufacturer has taken that log and think they've spotted the issue.)
Good.
You then will only capture the info you require. There are other tools to "follow this stream" and I think this will put the conversation(s) back into "proper text".
I think it's the "follow this stream" bit that I'm interested in now, I'll go and play.
I only have SIP traces with me ATM and I click on "Follow UDP Stream" and this gives me the text of the SIP conversation. You have the options to view as various options, find, save as, and print.
I dont know the format of what you are using, but glad you got enough info to blame them :)
Keith