This wiki has been migrated to https://gitlab.com/wireshark/wireshark/-/wikis/home and is now deprecated. Please use that site instead.
Differences between revisions 1 and 2
Revision 1 as of 2006-07-23 21:10:43
Size: 1696
Editor: h141n1fls34o887
Comment:
Revision 2 as of 2006-12-15 12:32:05
Size: 1660
Editor: cacher6
Comment:
Line 14: Line 14:
 * ["TCP"]: Typically, PROTO uses ["TCP"] as its transport protocol. The well known TCP port for PROTO traffic is 80. Typically, Sigcomp uses the same transport protocol as the compressed protocol.
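Review bot: The Line 14 replacement drops the only statement of a transport and port, but the Capture Filter section of the page still says 'if you know the ["TCP"] port used (see above)' and filters on `tcp port 80`. Those template leftovers should be updated in the same edit, or the new sentence should state which transport and port to look for, so that "see above" still points at something.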
Line 33: Line 33:
A complete list of PROTO display filter fields can be found in the [http://www.wireshark.org/docs/dfref/protofirstletter/proto.html display filter reference] A complete list of Sigcomp display filter fields can be found in the [http://www.wireshark.org/docs/dfref/protofirstletter/proto.html display filter reference]
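Review bot: In the Line 33 hunk only the visible name changes from PROTO to Sigcomp; the link target is still the template placeholder `protofirstletter/proto.html`, so the sentence now promises Sigcomp fields but links to a path that was never filled in. Replace the placeholder path with the Sigcomp page of the display filter reference, and add the missing full stop after the closing bracket.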

Signaling Compression (SIGCOMP)

Signaling Compression (SigComp) is a solution for compressing messages generated by application protocols such as the Session Initiation Protocol (SIP) (RFC 3261) and the Real Time Streaming Protocol (RTSP) (RFC 2326).

History

Protocol dependencies

Typically, Sigcomp uses the same transport protocol as the compressed protocol.

Example traffic

XXX - Add example decoded traffic for this protocol here (as plain text or Wireshark screenshot).

Wireshark

The SIGCOMP dissector is fully functional. It can display the uploaded UDVM code and decompress messages, provided the messages containing the UDVM code have been seen. The SIP library is included. Reassembly of segmented TCP packets is NOT included.

Preference Settings

The level of detail of UDVM execution can be set, as well as the port used.

Example capture file

Display Filter

A complete list of Sigcomp display filter fields can be found in the [http://www.wireshark.org/docs/dfref/protofirstletter/proto.html display filter reference]

  • Show only the Sigcomp based traffic:

     sigcomp 

Capture Filter

You cannot directly filter PROTO protocols while capturing. However, if you know the ["TCP"] port used (see above), you can filter on that one.

  • Capture only the PROTO traffic over the default port (80):

     tcp port 80 

Discussion

Sigcomp (last edited 2008-10-28 10:04:48 by AndersBroman)