[VoiceOps] Splitting SIP+RTP PCAP files

Justin Randall jrandall at comwave.net
Wed Jun 23 14:49:13 EDT 2010


Hello,

 

With an understanding of Wireshark and/or PCAP file structure and a
little Perl magic you can whip up a simple script in less than 100 lines
which will pull the exact information you're looking for from existing
PCAP files.

 

As for real-time capturing, I can't speak with any familiarity for
Alex's product; however, I can say that any solutions for real-time
capturing/analysis without any type of ASICs or custom hardware have
limited scalability, especially if you're capturing all
signalling and media for all call legs for several thousands of
simultaneous calls at once in a multi-protocol VoIP environment.  We
have had to rely on a commercial hardware/software vendor solution in
order to capture larger volumes of traffic without loss.  You can still
pull a decent solution together without a full commercial solution using
a special NIC, carefully tuned PCAP filters, and a sufficiently
distributed L2 switching network.

 

Regards,

 

Justin Randall

Team Leader - VoIP Engineering

Comwave Telecom Inc.

From: voiceops-bounces at voiceops.org
[mailto:voiceops-bounces at voiceops.org] On Behalf Of Brooks Bridges
Sent: June-23-10 2:23 PM
To: 'Lee Riemer'; voiceops at voiceops.org
Subject: Re: [VoiceOps] Splitting SIP+RTP PCAP files

 

It does not.  We didn't see a need for that, as we use it as a real-time
"backlog" of calls for troubleshooting.

 

Brooks R. Bridges

Telecommunications Manager

Ifbyphone, Inc.

Phone: (847) 983-3000

Fax: (847) 676-6553

bbridges at ifbyphone.com

http://www.ifbyphone.com

 

From: voiceops-bounces at voiceops.org
[mailto:voiceops-bounces at voiceops.org] On Behalf Of Lee Riemer
Sent: Wednesday, June 23, 2010 12:18 PM
To: voiceops at voiceops.org
Subject: Re: [VoiceOps] Splitting SIP+RTP PCAP files

 

Will it work on data already captured in .pcap files?

On 6/23/2010 12:07 PM, Brooks Bridges wrote: 

The utility was written by Alex as a replacement for pcapsipdump.
pcapsipdump suffers from severe performance and stability problems with
any appreciable traffic.

 

I can vouch that Alex's utility is very stable and efficient, but I do
have to take exception to the "inexpensive (read: basically free!)"
statement, as the utility is wholly owned (as per work-for-hire
agreement) by Ifbyphone, Inc.

 

Please contact me off-list if you would like to discuss using the
utility.  I do not believe there is an issue with us releasing the
utility "free as in beer", however I am not the one that can authorize
such a release.  I will have to confirm this with our upper management.

 

Thanks

 

Brooks R. Bridges

Telecommunications Manager

Ifbyphone, Inc.

Phone: (847) 983-3000

Fax: (847) 676-6553

bbridges at ifbyphone.com

http://www.ifbyphone.com

 

From: voiceops-bounces at voiceops.org
[mailto:voiceops-bounces at voiceops.org] On Behalf Of Darren Schreiber
Sent: Wednesday, June 23, 2010 11:58 AM
To: Nicholas Sten; Kristian Kielhofner
Cc: voiceops at voiceops.org
Subject: Re: [VoiceOps] Splitting SIP+RTP PCAP files

 

What's wrong with pcapsipdump? You can pipe input into that I believe...
it's an old tool but it still works. :-)

Nicholas Sten <nicksten at gmail.com> wrote:
 

Kristian,

Alex has an elegant and inexpensive (read: basically free!) solution
that you might want to check out.  Here's a brief description (I've
culled from a personal email, so I hope I don't misrepresent it)

So I wrote a highly parallelised, multithreaded tool that runs on such a
"capture box" and listens to SIP traffic intelligently.  It
automatically identifies the media ports involved in a call and records
both SIP and RTP to distinct capture files in a dated directory
hierarchy separated by day and hour.  The capture file contains the
date, time, ANI, DNIS and Call-ID.

You should give him a shout: Alex Balashov <abalashov at evaristesys.com>

I can vouch for the quality and effectiveness of his solutions.

-N



On Wed, Jun 23, 2010 at 9:02 AM, Kristian Kielhofner
<kristian.kielhofner at gmail.com> wrote:

Hello everyone,

 Does anyone know of a tool to split PCAP files that is SIP+RTP
aware?  Ideally I'd be able to record a PCAP file with any number of
calls and then have a utility split that file into each separate call?
 I'm pretty sure I've seen a utility to do this, I just can't remember
the name...

Thanks!

--
Kristian Kielhofner
http://www.astlinux.org
http://blog.krisk.org
http://www.star2star.com
http://www.submityoursip.com
http://www.voalte.com
_______________________________________________
VoiceOps mailing list
VoiceOps at voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops
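
The SIP+RTP-aware split discussed in this thread, as an added example that is not part of the original messages and is not the code of any tool named in them: it learns each call's media address and port from the SDP in SIP messages, then files later UDP packets to that port under the call's Call-ID. All function names are hypothetical; it assumes a classic little-endian pcap with Ethernet framing and IPv4/UDP, takes only the first audio stream per SDP body, and works in a single pass, so RTP seen before its SDP is left out.

```python
import re, socket, struct
# Assumes classic little-endian pcap, Ethernet linktype, IPv4/UDP; other formats need more code.
PCAP_HDR = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
CALL_ID = re.compile(rb"^(?:Call-ID|i)[ \t]*:[ \t]*(\S+)", re.I | re.M)
SDP_C = re.compile(rb"^c=IN IP4 (\S+)", re.M)
SDP_M = re.compile(rb"^m=audio (\d+) ", re.M)

def read_udp(pcap):  # yields (record, src, sport, dst, dport, payload) per IPv4/UDP frame
    if pcap[:4] != PCAP_HDR[:4]:
        raise ValueError("expected little-endian classic pcap")
    off = 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]  # captured length of this record
        rec, off = pcap[off:off + 16 + incl], off + 16 + incl
        frame = rec[16:]
        udp = 14 + (frame[14] & 0x0F) * 4 if len(frame) >= 42 else 0
        if not udp or len(frame) < udp + 8 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue
        sport, dport = struct.unpack_from("!HH", frame, udp)
        yield (rec, socket.inet_ntoa(frame[26:30]), sport,
               socket.inet_ntoa(frame[30:34]), dport, frame[udp + 8:])

def split_calls(pcap):  # returns {Call-ID: pcap bytes} with that call's SIP and RTP packets
    media, calls = {}, {}  # media maps (ip, port) announced in SDP -> Call-ID
    for rec, src, sport, dst, dport, data in read_udp(pcap):
        m = CALL_ID.search(data) if b"SIP/2.0" in data.split(b"\r\n", 1)[0] else None
        if m:
            cid = m.group(1).decode()
            c, a = SDP_C.search(data), SDP_M.search(data)
            if c and a:  # SDP names where this side wants to receive RTP
                media[(c.group(1).decode(), int(a.group(1)))] = cid
        else:  # not SIP: match either endpoint against media ports learned so far
            cid = media.get((dst, dport)) or media.get((src, sport))
        if cid:
            calls.setdefault(cid, []).append(rec)
    return {cid: PCAP_HDR + b"".join(recs) for cid, recs in calls.items()}

def _rec(src, dst, port, payload):  # constructed pcap record: Ethernet + IPv4 + UDP
    udp = struct.pack("!HHHH", port, port, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    frame = bytes(12) + b"\x08\x00" + ip + udp
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

def sample_pcap():  # constructed capture: two INVITEs with SDP, then RTP-like packets
    sip = "INVITE sip:b@example.test SIP/2.0\r\nCall-ID: %s\r\n\r\nc=IN IP4 %s\r\nm=audio %d RTP/AVP 0\r\n"
    a, b, rtp = ("call-a", "192.0.2.10", 40000), ("call-b", "192.0.2.20", 40002), b"\x80" + bytes(11)
    recs = [_rec(e[1], "192.0.2.1", 5060, (sip % e).encode()) for e in (a, b)]
    recs += [_rec("192.0.2.1", e[1], e[2], rtp) for e in (a, b, b)]
    return PCAP_HDR + b"".join(recs)
```

Each value returned by `split_calls` is a complete pcap file body that can be written to disk and opened in Wireshark. RTCP and media ports renegotiated mid-call are not tracked.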

 

 
 