When sngrep is running in capture HEP3 traffic mode (-E or -Ec), it shows all HEP-captured packets. But on saving this to pcap, they cannot be read anymore with sngrep -I or Wireshark with HEP plugin.
I see a packet in Wireshark in a plain text, but it cannot be decoded as a part of a SIP flow.
To note, plain UDP SIP packets captured within the same session, are shown correctly.
Example:
notify_trace.zip
version: 1.8.2
P.S.: reopen of #508
When sngrep is running in capture HEP3 traffic mode (-E or -Ec), it shows all HEP-captured packets. But on saving this to pcap, they cannot be read anymore with sngrep -I or Wireshark with HEP plugin.
I see a packet in Wireshark in a plain text, but it cannot be decoded as a part of a SIP flow.
To note, plain UDP SIP packets captured within the same session, are shown correctly.
Example:
notify_trace.zip
version: 1.8.2
P.S.: reopen of #508