<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc="http://microsoft.com/officenet/conferencing" xmlns:D="DAV:" xmlns:Repl="http://schemas.microsoft.com/repl/" xmlns:mt="http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ppda="http://www.passport.com/NameSpace.xsd" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Cambria;
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:blue;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor=white lang=EN-CA link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Calibri","sans-serif";
color:blue'>Hello,<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Calibri","sans-serif";
color:blue'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Calibri","sans-serif";
color:blue'>With an understanding of Wireshark and/or PCAP file structure and a
little Perl magic you can whip up a simple script in less than 100 lines which
will pull the exact information you’re looking for from existing PCAP
files.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Calibri","sans-serif";
color:blue'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Calibri","sans-serif";
color:blue'>As for real-time capturing, I can’t speak with any
familiarity for Alex’s product however I can say that scalability of any solutions
for real-time capturing/analysis without any type of ASICs or custom hardware have
limited scalability, especially if you’re capturing all signalling and media
for all call legs for several thousands of simultaneous calls at once in a
multi-protocol VoIP environment. We have had to rely on a commercial
hardware/software vendor solution in order to capture larger volumes of traffic
without loss. You can still pull a decent solution together without a
full commercial solution using a special NIC, carefully tuned PCAP filters, and
a sufficiently distributed L2 switching network.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Calibri","sans-serif";
color:blue'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Calibri","sans-serif";
color:blue'>Regards,<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Calibri","sans-serif";
color:blue'><o:p> </o:p></span></p>
<div>
<p class=MsoNormal><span style='font-family:"Calibri","sans-serif";color:blue'>Justin
Randall</span><span style='color:blue'><o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Calibri","sans-serif";
color:blue'>Team Leader - VoIP Engineering</span><span style='font-family:"Calibri","sans-serif";
color:blue'><o:p></o:p></span></p>
</div>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Calibri","sans-serif";
color:blue'>Comwave Telecom Inc.</span><span style='font-size:10.0pt;
font-family:"Calibri","sans-serif";color:blue'><o:p></o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>
<p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:
"Tahoma","sans-serif";color:windowtext'>From:</span></b><span lang=EN-US
style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'>
voiceops-bounces@voiceops.org [mailto:voiceops-bounces@voiceops.org] <b>On
Behalf Of </b>Brooks Bridges<br>
<b>Sent:</b> June-23-10 2:23 PM<br>
<b>To:</b> 'Lee Riemer'; voiceops@voiceops.org<br>
<b>Subject:</b> Re: [VoiceOps] Splitting SIP+RTP PCAP files<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>It does not. We didn’t see a need for that, as we
use it as a real-time “backlog” of calls for troubleshooting.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<p class=MsoNormal><i><span lang=EN-US style='font-size:11.0pt;font-family:
"Cambria","serif";color:#1F497D'>Brooks R. Bridges<o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-US style='font-size:11.0pt;font-family:
"Cambria","serif";color:#1F497D'>Telecommunications Manager<o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-US style='font-size:11.0pt;font-family:
"Cambria","serif";color:#1F497D'>Ifbyphone, Inc.<o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-US style='font-size:11.0pt;font-family:
"Cambria","serif";color:#1F497D'>Phone: (847) 983-3000<o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-US style='font-size:11.0pt;font-family:
"Cambria","serif";color:#1F497D'>Fax: (847) 676-6553<o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-US style='font-size:11.0pt;font-family:
"Cambria","serif";color:#1F497D'>bbridges@ifbyphone.com<o:p></o:p></span></i></p>
<p class=MsoNormal><i><span lang=EN-US style='font-size:11.0pt;font-family:
"Cambria","serif";color:#1F497D'>http://www.ifbyphone.com<o:p></o:p></span></i></p>
</div>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>
<p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:
"Tahoma","sans-serif";color:windowtext'>From:</span></b><span lang=EN-US
style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'>
voiceops-bounces@voiceops.org [mailto:voiceops-bounces@voiceops.org] <b>On
Behalf Of </b>Lee Riemer<br>
<b>Sent:</b> Wednesday, June 23, 2010 12:18 PM<br>
<b>To:</b> voiceops@voiceops.org<br>
<b>Subject:</b> Re: [VoiceOps] Splitting SIP+RTP PCAP files<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Will it work on data already captured in
.pcap files?<br>
<br>
On 6/23/2010 12:07 PM, Brooks Bridges wrote: <o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>The utility was written by Alex as a replacement for
pcapsipdump. pcapsipdump suffers from severe performance and stability
problems with any appreciable traffic.</span><span lang=EN-US><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'> </span><span lang=EN-US><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I can vouch that Alex’s utility is very stable and
efficient, but I do have to take exception to the “inexpensive (read:
basically free!)” statement, as the utility is wholly owned (as per work-for-hire
agreement) by Ifbyphone, Inc.</span><span lang=EN-US><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'> </span><span lang=EN-US><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Please contact me off-list if you would like to discuss using
the utility. I do not believe there is an issue with us releasing the
utility “free as in beer”, however I am not the one that can
authorize such a release. I will have to confirm this with our upper
management.</span><span lang=EN-US><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'> </span><span lang=EN-US><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Thanks</span><span lang=EN-US><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'> </span><span lang=EN-US><o:p></o:p></span></p>
<div>
<p class=MsoNormal><i><span lang=EN-US style='font-size:11.0pt;font-family:
"Cambria","serif";color:#1F497D'>Brooks R. Bridges</span></i><span lang=EN-US><o:p></o:p></span></p>
<p class=MsoNormal><i><span lang=EN-US style='font-size:11.0pt;font-family:
"Cambria","serif";color:#1F497D'>Telecommunications Manager</span></i><span
lang=EN-US><o:p></o:p></span></p>
<p class=MsoNormal><i><span lang=EN-US style='font-size:11.0pt;font-family:
"Cambria","serif";color:#1F497D'>Ifbyphone, Inc.</span></i><span lang=EN-US><o:p></o:p></span></p>
<p class=MsoNormal><i><span lang=EN-US style='font-size:11.0pt;font-family:
"Cambria","serif";color:#1F497D'>Phone: (847) 983-3000</span></i><span
lang=EN-US><o:p></o:p></span></p>
<p class=MsoNormal><i><span lang=EN-US style='font-size:11.0pt;font-family:
"Cambria","serif";color:#1F497D'>Fax: (847) 676-6553</span></i><span
lang=EN-US><o:p></o:p></span></p>
<p class=MsoNormal><i><span lang=EN-US style='font-size:11.0pt;font-family:
"Cambria","serif";color:#1F497D'><a href="mailto:bbridges@ifbyphone.com">bbridges@ifbyphone.com</a></span></i><span
lang=EN-US><o:p></o:p></span></p>
<p class=MsoNormal><i><span lang=EN-US style='font-size:11.0pt;font-family:
"Cambria","serif";color:#1F497D'><a href="http://www.ifbyphone.com">http://www.ifbyphone.com</a></span></i><span
lang=EN-US><o:p></o:p></span></p>
</div>
<p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'> </span><span lang=EN-US><o:p></o:p></span></p>
<div>
<div style='border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0cm 0cm 0cm;
border-color:-moz-use-text-color -moz-use-text-color'>
<p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:
"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'> <a
href="mailto:voiceops-bounces@voiceops.org">voiceops-bounces@voiceops.org</a> [<a
href="mailto:voiceops-bounces@voiceops.org">mailto:voiceops-bounces@voiceops.org</a>]
<b>On Behalf Of </b>Darren Schreiber<br>
<b>Sent:</b> Wednesday, June 23, 2010 11:58 AM<br>
<b>To:</b> Nicholas Sten; Kristian Kielhofner<br>
<b>Cc:</b> <a href="mailto:voiceops@voiceops.org">voiceops@voiceops.org</a><br>
<b>Subject:</b> Re: [VoiceOps] Splitting SIP+RTP PCAP files</span><span
lang=EN-US><o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><span lang=EN-US> <o:p></o:p></span></p>
<pre><span lang=EN-US style='font-family:"Tahoma","sans-serif"'>What's wrong with pcapsipdump? You can pipe input into that I believe... its an old tool but it still works. :-)</span><span
lang=EN-US><o:p></o:p></span></pre><pre><span lang=EN-US style='font-family:
"Tahoma","sans-serif"'> </span><span lang=EN-US><o:p></o:p></span></pre><pre><span
lang=EN-US style='font-family:"Tahoma","sans-serif"'>Nicholas Sten <a
href="mailto:nicksten@gmail.com"><nicksten@gmail.com></a> wrote:</span><span
lang=EN-US><o:p></o:p></span></pre><pre><span lang=EN-US style='font-family:
"Tahoma","sans-serif"'> </span><span lang=EN-US><o:p></o:p></span></pre>
<div>
<p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-US>Kristian,<br>
<br>
Alex has an elegant and inexpensive (read: basically free!) solution that you
might want to check out. Here's a brief description (I've culled from a
personal email, so I hope I don't misrepresent it)<br>
<br>
<i>So I wrote a highly parallelised, multithreaded tool that runs on such a
"capture box" and listens to SIP traffic intelligently. It
automatically identifies the media ports involved in a call and records both
SIP and RTP to distinct capture files in a dated directory hierarchy separated
by day and hour. The capture file contains the date, time, ANI, DNIS and
Call-ID.</i><br>
<br>
You should give him a shout: Alex Balashov <<a
href="mailto:abalashov@evaristesys.com">abalashov@evaristesys.com</a>><br>
<br>
I can vouch for the quality and effectiveness of his solutions.<br>
<br>
-N<br>
<br>
<o:p></o:p></span></p>
<div>
<p class=MsoNormal><span lang=EN-US>On Wed, Jun 23, 2010 at 9:02 AM, Kristian
Kielhofner <<a href="mailto:kristian.kielhofner@gmail.com">kristian.kielhofner@gmail.com</a>>
wrote:<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Hello everyone,<br>
<br>
Does anyone know of a tool to split PCAP files that is SIP+RTP<br>
aware? Ideally I'd be able to record a PCAP file with any number of<br>
calls and then have a utility split that file into each separate call?<br>
I'm pretty sure I've seen a utility to do this, I just can't remember<br>
the name...<br>
<br>
Thanks!<br>
<br>
--<br>
Kristian Kielhofner<br>
<a href="http://www.astlinux.org" target="_blank">http://www.astlinux.org</a><br>
<a href="http://blog.krisk.org" target="_blank">http://blog.krisk.org</a><br>
<a href="http://www.star2star.com" target="_blank">http://www.star2star.com</a><br>
<a href="http://www.submityoursip.com" target="_blank">http://www.submityoursip.com</a><br>
<a href="http://www.voalte.com" target="_blank">http://www.voalte.com</a><br>
_______________________________________________<br>
VoiceOps mailing list<br>
<a href="mailto:VoiceOps@voiceops.org">VoiceOps@voiceops.org</a><br>
<a href="https://puck.nether.net/mailman/listinfo/voiceops" target="_blank">https://puck.nether.net/mailman/listinfo/voiceops</a><o:p></o:p></span></p>
</div>
<p class=MsoNormal><span lang=EN-US> <o:p></o:p></span></p>
</div>
<pre><span lang=EN-US><o:p> </o:p></span></pre><pre><span lang=EN-US><o:p> </o:p></span></pre><pre><span
lang=EN-US>_______________________________________________<o:p></o:p></span></pre><pre><span
lang=EN-US>VoiceOps mailing list<o:p></o:p></span></pre><pre><span lang=EN-US><a
href="mailto:VoiceOps@voiceops.org">VoiceOps@voiceops.org</a><o:p></o:p></span></pre><pre><span
lang=EN-US><a href="https://puck.nether.net/mailman/listinfo/voiceops">https://puck.nether.net/mailman/listinfo/voiceops</a><o:p></o:p></span></pre><pre><span
lang=EN-US> <o:p></o:p></span></pre></div>
</body>
</html>