• #Networking
• #RTP
• #SIP
• #Tools
• #VoIP
• #Wireshark

Posted: 10/12/2023

Filtering A Pcap VoIP Recording To A Specific Call In Wireshark

Open your Pcap file in Wireshark.

On the menu, choose Telephony->VoIP Calls calls

Then find the call you want in the list, and select it. (Look for an INVITE 200 in the Comments section, and a From that has a phone number in it).

Once selected, press Prepare Filter button.

This will change the main screen of Wireshark to have a filter like:

Then on the main Wireshark window, select File->Export Specified Packets, and then on the following dialog, choose All packets & Displayed

Enter a filename and a location, and hit Save.

Then you can open that new file in Wireshark and it will only contain the packets for that single call.

• #Networking
• #RTP
• #SIP
• #Tools
• #VoIP
• #Wireshark

Thanks for reading this post.

If you want to reach out, catch me on Twitter!

Tweet to @MicbOliver

I am always open to mentoring people, so get in touch.