<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Will it work on data already captured in .pcap files?<br>
<br>
On 6/23/2010 12:07 PM, Brooks Bridges wrote:
<blockquote cite="mid:002f01cb12f6$a063c920$e12b5b60$@com" type="cite">
<meta http-equiv="Content-Type"
content="text/html; charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Cambria;
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);">The
utility was written by Alex as a replacement for
pcapsipdump. pcapsipdump suffers from severe performance and stability
problems
with any appreciable traffic.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);">I
can vouch that Alex’s utility is very stable and efficient,
but I do have to take exception to the “inexpensive (read: basically
free!)” statement, as the utility is wholly owned (as per work-for-hire
agreement)
by Ifbyphone, Inc.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);">Please
contact me off-list if you would like to discuss using
the utility. I do not believe there is an issue with us releasing the
utility
“free as in beer”, however I am not the one that can authorize such
a release. I will have to confirm this with our upper management.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);">Thanks<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><i><span
style="font-size: 11pt; font-family: "Cambria","serif"; color: rgb(31, 73, 125);">Brooks
R. Bridges<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span
style="font-size: 11pt; font-family: "Cambria","serif"; color: rgb(31, 73, 125);">Telecommunications
Manager<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span
style="font-size: 11pt; font-family: "Cambria","serif"; color: rgb(31, 73, 125);">Ifbyphone,
Inc.<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span
style="font-size: 11pt; font-family: "Cambria","serif"; color: rgb(31, 73, 125);">Phone:
(847) 983-3000<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span
style="font-size: 11pt; font-family: "Cambria","serif"; color: rgb(31, 73, 125);">Fax:
(847) 676-6553<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span
style="font-size: 11pt; font-family: "Cambria","serif"; color: rgb(31, 73, 125);"><a class="moz-txt-link-abbreviated" href="mailto:bbridges@ifbyphone.com">bbridges@ifbyphone.com</a><o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span
style="font-size: 11pt; font-family: "Cambria","serif"; color: rgb(31, 73, 125);"><a class="moz-txt-link-freetext" href="http://www.ifbyphone.com">http://www.ifbyphone.com</a><o:p></o:p></span></i></p>
</div>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<div>
<div
style="border-style: solid none none; border-color: rgb(181, 196, 223) -moz-use-text-color -moz-use-text-color; border-width: 1pt medium medium; padding: 3pt 0in 0in;">
<p class="MsoNormal"><b><span
style="font-size: 10pt; font-family: "Tahoma","sans-serif";">From:</span></b><span
style="font-size: 10pt; font-family: "Tahoma","sans-serif";">
<a class="moz-txt-link-abbreviated" href="mailto:voiceops-bounces@voiceops.org">voiceops-bounces@voiceops.org</a> [<a class="moz-txt-link-freetext" href="mailto:voiceops-bounces@voiceops.org">mailto:voiceops-bounces@voiceops.org</a>] <b>On
Behalf
Of </b>Darren Schreiber<br>
<b>Sent:</b> Wednesday, June 23, 2010 11:58 AM<br>
<b>To:</b> Nicholas Sten; Kristian Kielhofner<br>
<b>Cc:</b> <a class="moz-txt-link-abbreviated" href="mailto:voiceops@voiceops.org">voiceops@voiceops.org</a><br>
<b>Subject:</b> Re: [VoiceOps] Splitting SIP+RTP PCAP files<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<pre><span style="font-family: "Tahoma","sans-serif"; color: black;">What's wrong with pcapsipdump? You can pipe input into that I believe... its an old tool but it still works. :-)<o:p></o:p></span></pre>
<pre><span style="font-family: "Tahoma","sans-serif"; color: black;"><o:p> </o:p></span></pre>
<pre><span style="font-family: "Tahoma","sans-serif"; color: black;">Nicholas Sten <a class="moz-txt-link-rfc2396E" href="mailto:nicksten@gmail.com"><nicksten@gmail.com></a> wrote:<o:p></o:p></span></pre>
<pre><span style="font-family: "Tahoma","sans-serif"; color: black;"><o:p> </o:p></span></pre>
<div>
<p class="MsoNormal" style="margin-bottom: 12pt;">Kristian,<br>
<br>
Alex has an elegant and inexpensive (read: basically free!) solution
that you
might want to check out. Here's a brief description (I've culled from
a
personal email, so I hope I don't misrepresent it)<br>
<br>
<i>So I wrote a highly parallelised, multithreaded tool that runs on
such a
"capture box" and listens to SIP traffic intelligently. It
automatically identifies the media ports involved in a call and records
both
SIP and RTP to distinct capture files in a dated directory hierarchy
separated
by day and hour. The capture file contains the date, time, ANI, DNIS
and
Call-ID.</i><br>
<br>
You should give him a shout: Alex Balashov <<a moz-do-not-send="true"
href="mailto:abalashov@evaristesys.com">abalashov@evaristesys.com</a>><br>
<br>
I can vouch for the quality and effectiveness of his solutions.<br>
<br>
-N<br>
<br>
<o:p></o:p></p>
<div>
<p class="MsoNormal">On Wed, Jun 23, 2010 at 9:02 AM, Kristian
Kielhofner <<a moz-do-not-send="true"
href="mailto:kristian.kielhofner@gmail.com">kristian.kielhofner@gmail.com</a>>
wrote:<o:p></o:p></p>
<p class="MsoNormal">Hello everyone,<br>
<br>
Does anyone know of a tool to split PCAP files that is SIP+RTP<br>
aware? Ideally I'd be able to record a PCAP file with any number of<br>
calls and then have a utility split that file into each separate call?<br>
I'm pretty sure I've seen a utility to do this, I just can't remember<br>
the name...<br>
<br>
Thanks!<br>
<br>
--<br>
Kristian Kielhofner<br>
<a moz-do-not-send="true" href="http://www.astlinux.org"
target="_blank">http://www.astlinux.org</a><br>
<a moz-do-not-send="true" href="http://blog.krisk.org" target="_blank">http://blog.krisk.org</a><br>
<a moz-do-not-send="true" href="http://www.star2star.com"
target="_blank">http://www.star2star.com</a><br>
<a moz-do-not-send="true" href="http://www.submityoursip.com"
target="_blank">http://www.submityoursip.com</a><br>
<a moz-do-not-send="true" href="http://www.voalte.com" target="_blank">http://www.voalte.com</a><br>
_______________________________________________<br>
VoiceOps mailing list<br>
<a moz-do-not-send="true" href="mailto:VoiceOps@voiceops.org">VoiceOps@voiceops.org</a><br>
<a moz-do-not-send="true"
href="https://puck.nether.net/mailman/listinfo/voiceops"
target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a><o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
VoiceOps mailing list
<a class="moz-txt-link-abbreviated" href="mailto:VoiceOps@voiceops.org">VoiceOps@voiceops.org</a>
<a class="moz-txt-link-freetext" href="https://puck.nether.net/mailman/listinfo/voiceops">https://puck.nether.net/mailman/listinfo/voiceops</a>
</pre>
</blockquote>
</body>
</html>