<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
...and time.<br>
<br>
On 6/23/2010 1:49 PM, Justin Randall wrote:
<blockquote
cite="mid:2CC63AA41701044D930D422BE2EC5A111D1C8D@mx1.comwave.net"
type="cite">
<div class="Section1">
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Calibri","sans-serif"; color: blue;">Hello,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Calibri","sans-serif"; color: blue;"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Calibri","sans-serif"; color: blue;">With
an understanding of Wireshark and/or PCAP file structure and a
little Perl magic you can whip up a simple script in less than 100
lines which
will pull the exact information you’re looking for from existing PCAP
files.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Calibri","sans-serif"; color: blue;"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Calibri","sans-serif"; color: blue;">As
for real-time capturing, I can’t speak with any
familiarity for Alex’s product; however, I can say that
any solutions
for real-time capturing/analysis without any type of ASICs or custom
hardware have
limited scalability, especially if you’re capturing all signalling and
media
for all call legs for several thousands of simultaneous calls at once
in a
multi-protocol VoIP environment. We have had to rely on a commercial
hardware/software vendor solution in order to capture larger volumes of
traffic
without loss. You can still pull a decent solution together without a
full commercial solution using a special NIC, carefully tuned PCAP
filters, and
a sufficiently distributed L2 switching network.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Calibri","sans-serif"; color: blue;"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Calibri","sans-serif"; color: blue;">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Calibri","sans-serif"; color: blue;"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span
style="font-family: "Calibri","sans-serif"; color: blue;">Justin
Randall</span><span style="color: blue;"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Calibri","sans-serif"; color: blue;">Team
Leader - VoIP Engineering</span><span
style="font-family: "Calibri","sans-serif"; color: blue;"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Calibri","sans-serif"; color: blue;">Comwave
Telecom Inc.</span><span
style="font-size: 10pt; font-family: "Calibri","sans-serif"; color: blue;"><o:p></o:p></span></p>
<div>
<div
style="border-style: solid none none; border-color: rgb(181, 196, 223) -moz-use-text-color -moz-use-text-color; border-width: 1pt medium medium; padding: 3pt 0cm 0cm;">
<p class="MsoNormal"><b><span
style="font-size: 10pt; font-family: "Tahoma","sans-serif"; color: windowtext;"
lang="EN-US">From:</span></b><span
style="font-size: 10pt; font-family: "Tahoma","sans-serif"; color: windowtext;"
lang="EN-US">
<a class="moz-txt-link-abbreviated" href="mailto:voiceops-bounces@voiceops.org">voiceops-bounces@voiceops.org</a> [<a class="moz-txt-link-freetext" href="mailto:voiceops-bounces@voiceops.org">mailto:voiceops-bounces@voiceops.org</a>] <b>On
Behalf
Of </b>Brooks Bridges<br>
<b>Sent:</b> June-23-10 2:23 PM<br>
<b>To:</b> 'Lee Riemer'; <a class="moz-txt-link-abbreviated" href="mailto:voiceops@voiceops.org">voiceops@voiceops.org</a><br>
<b>Subject:</b> Re: [VoiceOps] Splitting SIP+RTP PCAP files<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US">It does not. We didn’t see a need for that, as we
use it as a real-time “backlog” of calls for troubleshooting.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><i><span
style="font-size: 11pt; font-family: "Cambria","serif"; color: rgb(31, 73, 125);"
lang="EN-US">Brooks R. Bridges<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span
style="font-size: 11pt; font-family: "Cambria","serif"; color: rgb(31, 73, 125);"
lang="EN-US">Telecommunications Manager<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span
style="font-size: 11pt; font-family: "Cambria","serif"; color: rgb(31, 73, 125);"
lang="EN-US">Ifbyphone, Inc.<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span
style="font-size: 11pt; font-family: "Cambria","serif"; color: rgb(31, 73, 125);"
lang="EN-US">Phone: (847) 983-3000<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span
style="font-size: 11pt; font-family: "Cambria","serif"; color: rgb(31, 73, 125);"
lang="EN-US">Fax: (847) 676-6553<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span
style="font-size: 11pt; font-family: "Cambria","serif"; color: rgb(31, 73, 125);"
lang="EN-US"><a class="moz-txt-link-abbreviated" href="mailto:bbridges@ifbyphone.com">bbridges@ifbyphone.com</a><o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span
style="font-size: 11pt; font-family: "Cambria","serif"; color: rgb(31, 73, 125);"
lang="EN-US"><a class="moz-txt-link-freetext" href="http://www.ifbyphone.com">http://www.ifbyphone.com</a><o:p></o:p></span></i></p>
</div>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US"><o:p> </o:p></span></p>
<div>
<div
style="border-style: solid none none; border-color: rgb(181, 196, 223) -moz-use-text-color -moz-use-text-color; border-width: 1pt medium medium; padding: 3pt 0cm 0cm;">
<p class="MsoNormal"><b><span
style="font-size: 10pt; font-family: "Tahoma","sans-serif"; color: windowtext;"
lang="EN-US">From:</span></b><span
style="font-size: 10pt; font-family: "Tahoma","sans-serif"; color: windowtext;"
lang="EN-US">
<a class="moz-txt-link-abbreviated" href="mailto:voiceops-bounces@voiceops.org">voiceops-bounces@voiceops.org</a> [<a class="moz-txt-link-freetext" href="mailto:voiceops-bounces@voiceops.org">mailto:voiceops-bounces@voiceops.org</a>] <b>On
Behalf
Of </b>Lee Riemer<br>
<b>Sent:</b> Wednesday, June 23, 2010 12:18 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:voiceops@voiceops.org">voiceops@voiceops.org</a><br>
<b>Subject:</b> Re: [VoiceOps] Splitting SIP+RTP PCAP files<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Will it work on data already
captured in
.pcap files?<br>
<br>
On 6/23/2010 12:07 PM, Brooks Bridges wrote: <o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US">The utility was written by Alex as a replacement for
pcapsipdump. pcapsipdump suffers from severe performance and stability
problems with any appreciable traffic.</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US"> </span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US">I can vouch that Alex’s utility is very stable and
efficient, but I do have to take exception to the “inexpensive (read:
basically free!)” statement, as the utility is wholly owned (as per
work-for-hire
agreement) by Ifbyphone, Inc.</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US"> </span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US">Please contact me off-list if you would like to discuss
using
the utility. I do not believe there is an issue with us releasing the
utility “free as in beer”, however I am not the one that can
authorize such a release. I will have to confirm this with our upper
management.</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US"> </span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US">Thanks</span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US"> </span><span lang="EN-US"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><i><span
style="font-size: 11pt; font-family: "Cambria","serif"; color: rgb(31, 73, 125);"
lang="EN-US">Brooks R. Bridges</span></i><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><i><span
style="font-size: 11pt; font-family: "Cambria","serif"; color: rgb(31, 73, 125);"
lang="EN-US">Telecommunications Manager</span></i><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><i><span
style="font-size: 11pt; font-family: "Cambria","serif"; color: rgb(31, 73, 125);"
lang="EN-US">Ifbyphone, Inc.</span></i><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><i><span
style="font-size: 11pt; font-family: "Cambria","serif"; color: rgb(31, 73, 125);"
lang="EN-US">Phone: (847) 983-3000</span></i><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><i><span
style="font-size: 11pt; font-family: "Cambria","serif"; color: rgb(31, 73, 125);"
lang="EN-US">Fax: (847) 676-6553</span></i><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><i><span
style="font-size: 11pt; font-family: "Cambria","serif"; color: rgb(31, 73, 125);"
lang="EN-US"><a moz-do-not-send="true"
href="mailto:bbridges@ifbyphone.com">bbridges@ifbyphone.com</a></span></i><span
lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><i><span
style="font-size: 11pt; font-family: "Cambria","serif"; color: rgb(31, 73, 125);"
lang="EN-US"><a moz-do-not-send="true" href="http://www.ifbyphone.com">http://www.ifbyphone.com</a></span></i><span
lang="EN-US"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"
lang="EN-US"> </span><span lang="EN-US"><o:p></o:p></span></p>
<div>
<div
style="border-style: solid none none; border-color: -moz-use-text-color; border-width: 1pt medium medium; padding: 3pt 0cm 0cm;">
<p class="MsoNormal"><b><span
style="font-size: 10pt; font-family: "Tahoma","sans-serif";"
lang="EN-US">From:</span></b><span
style="font-size: 10pt; font-family: "Tahoma","sans-serif";"
lang="EN-US"> <a moz-do-not-send="true"
href="mailto:voiceops-bounces@voiceops.org">voiceops-bounces@voiceops.org</a>
[<a moz-do-not-send="true" href="mailto:voiceops-bounces@voiceops.org">mailto:voiceops-bounces@voiceops.org</a>]
<b>On Behalf Of </b>Darren Schreiber<br>
<b>Sent:</b> Wednesday, June 23, 2010 11:58 AM<br>
<b>To:</b> Nicholas Sten; Kristian Kielhofner<br>
<b>Cc:</b> <a moz-do-not-send="true"
href="mailto:voiceops@voiceops.org">voiceops@voiceops.org</a><br>
<b>Subject:</b> Re: [VoiceOps] Splitting SIP+RTP PCAP files</span><span
lang="EN-US"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-US"> <o:p></o:p></span></p>
<pre><span style="font-family: "Tahoma","sans-serif";" lang="EN-US">What's wrong with pcapsipdump? You can pipe input into that I believe... it's an old tool but it still works. :-)</span><span
lang="EN-US"><o:p></o:p></span></pre>
<pre><span style="font-family: "Tahoma","sans-serif";" lang="EN-US"> </span><span
lang="EN-US"><o:p></o:p></span></pre>
<pre><span style="font-family: "Tahoma","sans-serif";" lang="EN-US">Nicholas Sten <a
moz-do-not-send="true" href="mailto:nicksten@gmail.com">&lt;nicksten@gmail.com&gt;</a> wrote:</span><span
lang="EN-US"><o:p></o:p></span></pre>
<pre><span style="font-family: "Tahoma","sans-serif";" lang="EN-US"> </span><span
lang="EN-US"><o:p></o:p></span></pre>
<div>
<p class="MsoNormal" style="margin-bottom: 12pt;"><span lang="EN-US">Kristian,<br>
<br>
Alex has an elegant and inexpensive (read: basically free!) solution
that you
might want to check out. Here's a brief description (I've culled from
a
personal email, so I hope I don't misrepresent it)<br>
<br>
<i>So I wrote a highly parallelised, multithreaded tool that runs on
such a
"capture box" and listens to SIP traffic intelligently. It
automatically identifies the media ports involved in a call and records
both
SIP and RTP to distinct capture files in a dated directory hierarchy
separated
by day and hour. The capture file contains the date, time, ANI, DNIS
and
Call-ID.</i><br>
<br>
You should give him a shout: Alex Balashov &lt;<a moz-do-not-send="true"
href="mailto:abalashov@evaristesys.com">abalashov@evaristesys.com</a>&gt;<br>
<br>
I can vouch for the quality and effectiveness of his solutions.<br>
<br>
-N<br>
<br>
<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-US">On Wed, Jun 23, 2010 at 9:02
AM, Kristian
Kielhofner &lt;<a moz-do-not-send="true"
href="mailto:kristian.kielhofner@gmail.com">kristian.kielhofner@gmail.com</a>&gt;
wrote:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Hello everyone,<br>
<br>
Does anyone know of a tool to split PCAP files that is SIP+RTP<br>
aware? Ideally I'd be able to record a PCAP file with any number of<br>
calls and then have a utility split that file into each separate call?<br>
I'm pretty sure I've seen a utility to do this, I just can't remember<br>
the name...<br>
<br>
Thanks!<br>
<br>
--<br>
Kristian Kielhofner<br>
<a moz-do-not-send="true" href="http://www.astlinux.org"
target="_blank">http://www.astlinux.org</a><br>
<a moz-do-not-send="true" href="http://blog.krisk.org" target="_blank">http://blog.krisk.org</a><br>
<a moz-do-not-send="true" href="http://www.star2star.com"
target="_blank">http://www.star2star.com</a><br>
<a moz-do-not-send="true" href="http://www.submityoursip.com"
target="_blank">http://www.submityoursip.com</a><br>
<a moz-do-not-send="true" href="http://www.voalte.com" target="_blank">http://www.voalte.com</a><br>
_______________________________________________<br>
VoiceOps mailing list<br>
<a moz-do-not-send="true" href="mailto:VoiceOps@voiceops.org">VoiceOps@voiceops.org</a><br>
<a moz-do-not-send="true"
href="https://puck.nether.net/mailman/listinfo/voiceops"
target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span lang="EN-US"> <o:p></o:p></span></p>
</div>
</div>
</blockquote>
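<p>Added example (not from the thread, and not the utility or any script the posters refer to): splitting an existing capture offline, as the reply above describes, into one pcap per SIP Call-ID, with RTP attached by the address and port advertised in SDP. It is written in Python and assumes a classic little-endian pcap with Ethernet/IPv4/UDP framing; all function names and the sample traffic are constructed here.</p>

```python
import re, struct
from socket import inet_aton, inet_ntoa

CALL_ID = re.compile(rb"^(?:Call-ID|i)\s*:\s*(\S+)", re.I | re.M)
SDP_AUDIO = re.compile(rb"^c=IN IP4 (\S+)(?s:.*?)^m=audio (\d+) ", re.M)

def udp_records(data):
    """Yield (record, src, sport, dst, dport, payload) per IPv4/UDP packet in a pcap."""
    if data[:4] != b"\xd4\xc3\xb2\xa1" or data[20:24] != b"\x01\x00\x00\x00":
        raise ValueError("expected little-endian pcap with Ethernet link type")
    off = 24
    while len(data) >= off + 16:
        incl = int.from_bytes(data[off + 8:off + 12], "little")
        rec = data[off:off + 16 + incl]         # 16-byte record header + frame
        frame, off = rec[16:], off + 16 + incl
        l4 = 14 + max(frame[14] % 16, 5) * 4 if len(frame) > 23 else len(frame)
        if l4 + 8 > len(frame) or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                            # truncated, not IPv4, or not UDP
        sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
        src, dst = inet_ntoa(frame[26:30]), inet_ntoa(frame[30:34])
        yield rec, src, sport, dst, dport, frame[l4 + 8:]

def split_calls(data):
    """Map each SIP Call-ID to a standalone pcap of its signalling and RTP."""
    calls, media = {}, {}                       # media: SDP (ip, port) -> Call-ID
    for rec, src, sport, dst, dport, payload in udp_records(data):
        m = CALL_ID.search(payload)
        if m and b"SIP/2.0" in payload.split(b"\r\n", 1)[0]:
            cid = m.group(1).decode()
            sdp = SDP_AUDIO.search(payload)
            if sdp:                             # remember where this call's RTP lands
                media[(sdp.group(1).decode(), int(sdp.group(2)))] = cid
        else:                                   # not SIP: RTP to/from a learned port?
            cid = media.get((dst, dport)) or media.get((src, sport))
        if cid:
            calls.setdefault(cid, bytearray(data[:24])).extend(rec)
    return {cid: bytes(p) for cid, p in calls.items()}

def _rec(src, dst, sport, dport, payload):      # builds constructed sample records
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, 17, 0,
                     inet_aton(src), inet_aton(dst))
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    frame = bytes(12) + b"\x08\x00" + ip + udp
    return bytes(8) + len(frame).to_bytes(4, "little") * 2 + frame

def sample_capture():
    """Constructed capture: two interleaved calls plus one unrelated UDP packet."""
    a, b, rtp = "192.0.2.10", "192.0.2.20", b"\x80" + bytes(11)
    inv = lambda cid, port: (f"INVITE sip:b@example.test SIP/2.0\r\nCall-ID: {cid}\r\n\r\n"
                             f"v=0\r\nc=IN IP4 {a}\r\nm=audio {port} RTP/AVP 0\r\n").encode()
    hdr = bytes.fromhex("d4c3b2a1 0200 0400 00000000 00000000 ffff0000 01000000")
    return hdr + b"".join(_rec(*p) for p in [
        (a, b, 5060, 5060, inv("call-A", 4000)), (a, b, 5060, 5060, inv("call-B", 4002)),
        (b, a, 6000, 4000, rtp), (a, b, 4002, 6002, rtp), (b, a, 53, 5353, b"noise")])
```

<p>Each value returned by <code>split_calls</code> is a complete pcap that can be written to disk and opened in Wireshark. RTP seen before the SDP that announces it is not attributed to a call in this single pass.</p>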
</body>
</html>