[VoiceOps] Splitting SIP+RTP PCAP files

Lee Riemer lriemer at bestline.net
Wed Jun 23 15:56:50 EDT 2010 

...and time.

On 6/23/2010 1:49 PM, Justin Randall wrote:
>
> Hello,
>
> With an understanding of Wireshark and/or PCAP file structure and a 
> little Perl magic you can whip up a simple script in less than 100 
> lines which will pull the exact information you're looking for from 
> existing PCAP files.
>
> As for real-time capturing, I can't speak with any familiarity for 
> Alex's product however I can say that scalability of any solutions for 
> real-time capturing/analysis without any type of ASICs or custom 
> hardware have limited scalability, especially if you're capturing all 
> signalling and media for all call legs for several thousands of 
> simultaneous calls at once in a multi-protocol VoIP environment.  We 
> have had to rely on a commercial hardware/software vendor solution in 
> order to capture larger volumes of traffic without loss.  You can 
> still pull a decent solution together without a full commercial 
> solution using a special NIC, carefully tuned PCAP filters, and a 
> sufficiently distributed L2 switching network.
>
> Regards,
>
> Justin Randall
>
> Team Leader - VoIP Engineering
>
> Comwave Telecom Inc.
>
> *From:* voiceops-bounces at voiceops.org 
> [mailto:voiceops-bounces at voiceops.org] *On Behalf Of *Brooks Bridges
> *Sent:* June-23-10 2:23 PM
> *To:* 'Lee Riemer'; voiceops at voiceops.org
> *Subject:* Re: [VoiceOps] Splitting SIP+RTP PCAP files
>
> It does not.  We didn't see a need for that, as we use it as a 
> real-time "backlog" of calls for troubleshooting.
>
> /Brooks R. Bridges/
>
> /Telecommunications Manager/
>
> /Ifbyphone, Inc./
>
> /Phone: (847) 983-3000/
>
> /Fax: (847) 676-6553/
>
> /bbridges at ifbyphone.com/
>
> /http://www.ifbyphone.com/
>
> *From:* voiceops-bounces at voiceops.org 
> [mailto:voiceops-bounces at voiceops.org] *On Behalf Of *Lee Riemer
> *Sent:* Wednesday, June 23, 2010 12:18 PM
> *To:* voiceops at voiceops.org
> *Subject:* Re: [VoiceOps] Splitting SIP+RTP PCAP files
>
> Will it work on data already captured in .pcap files?
>
> On 6/23/2010 12:07 PM, Brooks Bridges wrote:
>
> The utility was written by Alex as a replacement for pcapsipdump.  
> pcapsipdump suffers from severe performance and stability problems 
> with any appreciable traffic.
>
> I can vouch that Alex's utility is very stable and efficient, but I do 
> have to take exception to the "inexpensive (read: basically free!)" 
> statement, as the utility is wholly owned (as per work-for-hire 
> agreement) by Ifbyphone, Inc.
>
> Please contact me off-list if you would like to discuss using the 
> utility.  I do not believe there is an issue with us releasing the 
> utility "free as in beer", however I am not the one that can authorize 
> such a release.  I will have to confirm this with our upper management.
>
> Thanks
>
> /Brooks R. Bridges/
>
> /Telecommunications Manager/
>
> /Ifbyphone, Inc./
>
> /Phone: (847) 983-3000/
>
> /Fax: (847) 676-6553/
>
> /bbridges at ifbyphone.com <mailto:bbridges at ifbyphone.com>/
>
> /http://www.ifbyphone.com/
>
> *From:* voiceops-bounces at voiceops.org 
> <mailto:voiceops-bounces at voiceops.org> 
> [mailto:voiceops-bounces at voiceops.org] *On Behalf Of *Darren Schreiber
> *Sent:* Wednesday, June 23, 2010 11:58 AM
> *To:* Nicholas Sten; Kristian Kielhofner
> *Cc:* voiceops at voiceops.org <mailto:voiceops at voiceops.org>
> *Subject:* Re: [VoiceOps] Splitting SIP+RTP PCAP files
>
> What's wrong with pcapsipdump? You can pipe input into that I believe... its an old tool but it still works. :-)
>   
> Nicholas Sten<nicksten at gmail.com>  <mailto:nicksten at gmail.com>  wrote:
>   
>
> Kristian,
>
> Alex has an elegant and inexpensive (read: basically free!) solution 
> that you might want to check out.  Here's a brief description (I've 
> culled from a personal email, so I hope I don't misrepresent it)
>
> /So I wrote a highly parallelised, multithreaded tool that runs on 
> such a "capture box" and listens to SIP traffic intelligently.  It 
> automatically identifies the media ports involved in a call and 
> records both SIP and RTP to distinct capture files in a dated 
> directory hierarchy separated by day and hour.  The capture file 
> contains the date, time, ANI, DNIS and Call-ID./
>
> You should give him a shout: Alex Balashov <abalashov at evaristesys.com 
> <mailto:abalashov at evaristesys.com>>
>
> I can vouch for the quality and effectiveness of his solutions.
>
> -N
>
> On Wed, Jun 23, 2010 at 9:02 AM, Kristian Kielhofner 
> <kristian.kielhofner at gmail.com <mailto:kristian.kielhofner at gmail.com>> 
> wrote:
>
> Hello everyone,
>
>  Does anyone know of a tool to split PCAP files that is SIP+RTP
> aware?  Ideally I'd be able to record a PCAP file with any number of
> calls and then have a utility split that file into each separate call?
>  I'm pretty sure I've seen a utility to do this, I just can't remember
> the name...
>
> Thanks!
>
> --
> Kristian Kielhofner
> http://www.astlinux.org
> http://blog.krisk.org
> http://www.star2star.com
> http://www.submityoursip.com
> http://www.voalte.com
> _______________________________________________
> VoiceOps mailing list
> VoiceOps at voiceops.org <mailto:VoiceOps at voiceops.org>
> https://puck.nether.net/mailman/listinfo/voiceops
>
>   
>   
> _______________________________________________
> VoiceOps mailing list
> VoiceOps at voiceops.org  <mailto:VoiceOps at voiceops.org>
> https://puck.nether.net/mailman/listinfo/voiceops
>    
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20100623/821bbb75/attachment.html>

More information about the VoiceOps mailing list