Any Detect SIP errors in some VoIP trace files.
Open up the trace file called TR dash VoIP dash extension DRP cap energy and this trace file does have some simple errors in it. And why shark does have a statistic available to quickly see SIP errors but we’re going to improve on that if we want to use the built-in capability in wire shark.
Error responses a sip
We can go up to the telephony menu item and simply go to sip my shark will prompt us if we want to create a filter for this and we’re not going to we’ll just build the stats and we’ll see the SIP statistics and window will populate and sure enough we can see that we have some sip for 88. Not acceptable here. Error responses a sip. Response Codes are somewhat similar to HP Response Codes.
Any response code beginning with a 3 would be a redirection. Anything that begins with a zip code of starting with 4 is going to be a client error. Anything getting a step code of 5 is a server error. And then we’ve got an extra set here which has global failures. So if we’re interested in ship errors we’ve got to tell where sharks are instead.
Anytime that sip response code is 400 or higher and that will get us client errors server errors and global failures and it’ll be faster than opening up this window.
The session initiation protocol section
So I’m going to close down this window and the first thing I need to find is a sip response code so I’m looking for the line that has a response code in it and I need to figure out what the name of that response code field is. So packet number three we can see is a super response. If you have a 200 OK, then you will also have PAC number two is a 100 trying you could use either of those packets and expand the session initiation protocol section in the detail window.
We’re going to have to expand out the status line section as well so that we can have the status code on its own line. Once we do that we can see the name of that field as sip dot status dash code. And this is ugly because up until this point all of our display filters were always lower case. And then with VoIP display filters coming in suddenly, we have initial uppercase and that can cause you problems if you don’t realize that some of the field names have upper and lower case mixed now so that I don’t have to type it in I’m just simply going to write.
Two SIP error responses
Mouse click and I’ll say they want to prepare a filter based on the selected value. I just use that so I don’t have to type in the field name. Remember we’re interested in errors and any SIP response code that is greater than or equal to 400 will be an error. You’ll notice I didn’t put a space in front of the 4 and 400. I don’t need to put a space on either side when I’m using these symbols for my operators but if I were using G E for greater than or equal to I would have to put spaces on either side of the G E I’ll go ahead and apply this to test it out and there the two SIP error responses.
Once I know this works I can click save and give this a name of SIP. The R R. S say OK now at this point I’ve run out of space on my display filter line to handle all of my filter expression buttons and once that happens where shock will give you the double arrow on the right-hand side and I’ll bring my window in a little bit so you can see what happens. Notice how they disappear and that’s because they’re all listed in a drop-down right here. And once you have used up all the space in the drop-down area then you will see a scroll bar show up so you can scroll through a list of your filter expression buttons.