
A few random thoughts on the topic of capture/analysis/forensics....

1. We've found enough interesting SIP packets excluded from wireshark's "voip calls" graph that we only use it as a very rough guide to what might have happened. After all, if UC-1 sends a packet that doesn't match the dialog or transaction identifiers expected by UC-2, that is the packet that will probably kill the call and that is also the packet that will NOT appear to be associated with the call in wireshark's graph. These tools build a subset of reality, and the one interesting packet that you need to see might not be included in that subset. Moreover, you need to allow for the possibility of a defect in the tool's filters.

2. Gulp totally rocks: http://staff.washington.edu/corey/gulp/

C. Since when did the USA play soccer? :)

David

On Wed, Jun 23, 2010 at 10:20 PM, Lee Riemer <lriemer at bestline.net> wrote:
Awesome.
On 6/23/2010 10:39 PM, Brooks Bridges wrote:
To everyone that has contacted me about this application, I'm happy to share with you that I have gotten approval from our CEO to release it as a free app, however it will be restricted in some commercial uses (e.g. you can't repackage it and sell it as a product, etc).
Once I have it past the lawyers and their standard "if you install this and it starts world war 3, it's not our fault" disclaimers that will have to be added, I will make a point to get it set up somewhere and post a link on this list and a couple others.
Please be patient. As we all know, lawyers like to take their time so it appears that we're paying all that money for a reason. ;-) Stay tuned!
Brooks R. Bridges Telecommunications Manager Ifbyphone, Inc. Phone: (847) 983-3000 Fax: (847) 676-6553 bbridges at ifbyphone.com http://www.ifbyphone.com
Brooks Bridges wrote:
The utility was written by Alex as a replacement for pcapsipdump. pcapsipdump suffers from severe performance and stability problems with any appreciable traffic.
I can vouch that Alex's utility is very stable and efficient, but I do have to take exception to the "inexpensive (read: basically free!)" statement, as the utility is wholly owned (as per work-for-hire agreement) by Ifbyphone, Inc.
Please contact me off-list if you would like to discuss using the utility. I do not believe there is an issue with us releasing the utility "free as in beer", however I am not the one that can authorize such a release. I will have to confirm this with our upper management.
Thanks
Brooks R. Bridges
Telecommunications Manager
Ifbyphone, Inc.
Phone: (847) 983-3000
Fax: (847) 676-6553
bbridges at ifbyphone.com
From: voiceops-bounces at voiceops.org [mailto:voiceops-bounces at voiceops.org] On Behalf Of Darren Schreiber
Sent: Wednesday, June 23, 2010 11:58 AM
To: Nicholas Sten; Kristian Kielhofner
Cc: voiceops at voiceops.org
Subject: Re: [VoiceOps] Splitting SIP+RTP PCAP files
What's wrong with pcapsipdump? You can pipe input into that I believe... it's an old tool but it still works. :-)
Nicholas Sten <nicksten at gmail.com> wrote:
Kristian,
Alex has an elegant and inexpensive (read: basically free!) solution that you might want to check out. Here's a brief description (I've culled from a personal email, so I hope I don't misrepresent it)
So I wrote a highly parallelised, multithreaded tool that runs on such a "capture box" and listens to SIP traffic intelligently. It automatically identifies the media ports involved in a call and records both SIP and RTP to distinct capture files in a dated directory hierarchy separated by day and hour. The capture file contains the date, time, ANI, DNIS and Call-ID.
You should give him a shout: Alex Balashov <abalashov at evaristesys.com>
I can vouch for the quality and effectiveness of his solutions.
-N
On Wed, Jun 23, 2010 at 9:02 AM, Kristian Kielhofner <kristian.kielhofner at gmail.com> wrote:
Hello everyone,
Does anyone know of a tool to split PCAP files that is SIP+RTP aware? Ideally I'd be able to record a PCAP file with any number of calls and then have a utility split that file into each separate call? I'm pretty sure I've seen a utility to do this, I just can't remember the name...
Thanks!
--
Kristian Kielhofner
http://www.astlinux.org
http://blog.krisk.org
http://www.star2star.com
http://www.submityoursip.com
http://www.voalte.com
_______________________________________________
VoiceOps mailing list
VoiceOps at voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops
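The SIP-aware splitting discussed in this thread (learn each call's media ports from the SDP carried in SIP, then file RTP with its call), sketched as an added example that is not code from Alex's utility, pcapsipdump or any poster. `split_calls`, `SAMPLE` and the addresses are hypothetical, the input is assumed to be already-decoded UDP datagrams rather than a pcap file, and datagrams that match no call are kept in an `unassigned` list instead of being dropped.

```python
import re
from collections import defaultdict

SIP_START = re.compile(rb"^(?:SIP/2\.0 \d{3} |[A-Z]+ \S+ SIP/2\.0\r?\n)")
CALL_ID = re.compile(rb"^(?:Call-ID|i)[ \t]*:[ \t]*(\S+)", re.I | re.M)
SDP_ADDR = re.compile(rb"^c=IN IP4 (\S+)", re.M)
SDP_AUDIO = re.compile(rb"^m=audio (\d+) ", re.M)

def split_calls(datagrams):
    """Group (src_ip, src_port, dst_ip, dst_port, payload) tuples by call.

    Returns ({call_id: [datagram indexes]}, [unassigned indexes]).
    """
    calls = defaultdict(list)
    media = {}        # (ip, port) announced in SDP -> Call-ID
    unassigned = []   # kept for manual review, never silently dropped
    for idx, (src, sport, dst, dport, payload) in enumerate(datagrams):
        if SIP_START.match(payload):
            m = CALL_ID.search(payload)
            if m is None:
                unassigned.append(idx)
                continue
            cid = m.group(1).decode()
            calls[cid].append(idx)
            addr, port = SDP_ADDR.search(payload), SDP_AUDIO.search(payload)
            if addr and port:  # learn where this side wants to receive RTP
                media[(addr.group(1).decode(), int(port.group(1)))] = cid
            continue
        # Non-SIP: treat as media only if it touches an endpoint learned from SDP.
        cid = media.get((dst, dport)) or media.get((src, sport))
        (calls[cid] if cid else unassigned).append(idx)
    return dict(calls), unassigned

def _sip(start_line, call_id, ip, port):
    sdp = f"v=0\r\nc=IN IP4 {ip}\r\nm=audio {port} RTP/AVP 0\r\n"
    return (f"{start_line}\r\nCall-ID: {call_id}\r\n"
            f"Content-Type: application/sdp\r\n\r\n{sdp}").encode()

A, B = "192.0.2.10", "198.51.100.20"     # constructed documentation addresses
RTP = b"\x80\x00\x00\x01" + b"\x00" * 8  # constructed minimal RTP header
SAMPLE = [
    (A, 5060, B, 5060, _sip("INVITE sip:bob@example.test SIP/2.0", "call-1@example.test", A, 40000)),
    (B, 5060, A, 5060, _sip("SIP/2.0 200 OK", "call-1@example.test", B, 50000)),
    (A, 40000, B, 50000, RTP),
    (B, 50000, A, 40000, RTP),
    (A, 41000, B, 51000, RTP),  # constructed: no SDP ever announced these ports
    (A, 5060, B, 5060, b"SIP/2.0 481 Call/Transaction Does Not Exist\r\n\r\n"),  # constructed: no Call-ID
]

if __name__ == "__main__":
    print(split_calls(SAMPLE))
```

This is a single forward pass, so RTP that arrives before the SDP announcing its port lands in `unassigned`; reviewing that list is where a packet that no call claimed would turn up.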