0
votes

I am developing software that captures UDP packets using the pcap library in C++.
What is the way of understanding that a received UDP packet is carrying a SIP message, without using any third-party software?

Port 5060 can be one of the ways, but what if it is changed to something else?
Ex: My SIP server is working on port 10000. In that case, how can I understand it?

2 Answers

3
votes

What is the way of understanding that a received UDP packet is carrying a SIP message, without using any third-party software?

The way of understanding is to read the specification of SIP in RFC 3261 or a shorter introduction at ArsTechnica. There you will find the message format, which you can then use to extract as much information as you need to either only match the packet with some heuristic or parse it fully.

A good and simple heuristic might be a match of the first line, which either ends with "SIP/2.0" (request) or starts with "SIP/2.0" (response).

0
votes

Currently there are no options in the capture library that can break down the captured packets to the relevant Layer 7 application protocol. You can do post-processing to capture the data segment and put in simple checks that detect the first character or two of the message to match the SIP request or response.
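
The first-line heuristic from the two answers above, written out as a port-independent check. This is an added example, not code from either answer or from libpcap; `classify_sip`, `SipKind` and the 512-byte line cap are hypothetical names and assumptions, and the method check assumes uppercase-letter methods such as INVITE or REGISTER.

```cpp
#include <cctype>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>

enum class SipKind { NotSip, Request, Response };

// Classify a UDP payload (bytes after the UDP header) from its first line only.
SipKind classify_sip(const std::uint8_t* data, std::size_t len) {
    static const std::string ver = "SIP/2.0";
    const std::size_t kMaxLine = 512;  // assumed cap on start-line length
    std::size_t end = 0;  // find end of first line, rejecting binary bytes (e.g. RTP)
    while (end < len && end < kMaxLine && data[end] != '\r' && data[end] != '\n') {
        if (data[end] < 0x20 || data[end] > 0x7e) return SipKind::NotSip;
        ++end;
    }
    if (end == len || end == kMaxLine) return SipKind::NotSip;  // no line ending
    const std::string line(reinterpret_cast<const char*>(data), end);

    // Response: starts with "SIP/2.0", then a space and a 3-digit status code.
    if (line.compare(0, ver.size(), ver) == 0) {
        if (line.size() < ver.size() + 4 || line[ver.size()] != ' ') return SipKind::NotSip;
        for (std::size_t i = ver.size() + 1; i < ver.size() + 4; ++i)
            if (!std::isdigit(static_cast<unsigned char>(line[i]))) return SipKind::NotSip;
        return SipKind::Response;
    }
    // Request: "<METHOD> <request-URI> SIP/2.0", i.e. ends with "SIP/2.0".
    const std::size_t sp1 = line.find(' '), sp2 = line.rfind(' ');
    if (sp1 == std::string::npos || sp1 == 0 || sp2 <= sp1 + 1) return SipKind::NotSip;
    if (line.find(' ', sp1 + 1) != sp2) return SipKind::NotSip;  // exactly two spaces
    if (line.compare(sp2 + 1, std::string::npos, ver) != 0) return SipKind::NotSip;
    for (std::size_t i = 0; i < sp1; ++i)  // assumption: methods are uppercase letters
        if (!std::isupper(static_cast<unsigned char>(line[i]))) return SipKind::NotSip;
    return SipKind::Request;
}

SipKind classify_sip(const std::string& s) {  // wrapper for constructed samples
    return classify_sip(reinterpret_cast<const std::uint8_t*>(s.data()), s.size());
}

int main() {
    // Constructed sample payloads, not captured traffic.
    const std::string req = "REGISTER sip:example.invalid SIP/2.0\r\nCSeq: 1 REGISTER\r\n\r\n";
    const std::string rsp = "SIP/2.0 200 OK\r\nCSeq: 1 REGISTER\r\n\r\n";
    std::printf("%d %d\n", static_cast<int>(classify_sip(req)), static_cast<int>(classify_sip(rsp)));
    return 0;
}
```

In a pcap callback, pass the pointer and length of the UDP payload, taking the length from the captured bytes rather than from the header fields, since a truncated capture can be shorter than the UDP length field claims.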