Splitting SIP+RTP PCAP files
Hello everyone, Does anyone know of a tool to split PCAP files that is SIP+RTP aware? Ideally I'd be able to record a PCAP file with any number of calls and then have a utility split that file into each separate call? I'm pretty sure I've seen a utility to do this, I just can't remember the name... Thanks! -- Kristian Kielhofner http://www.astlinux.org http://blog.krisk.org http://www.star2star.com http://www.submityoursip.com http://www.voalte.com
An HTML attachment was scrubbed... URL: <https://puck.nether.net/pipermail/voiceops/attachments/20100623/2ef13e27/att...>
Check out ucsniff. Peter Fabian | Senior Voice Engineer | Telesphere | P: 4803857059 | F: 4803857079 On Wed, Jun 23, 2010 at 10:49 AM, Christian Pena <cpena at ststelecom.com>wrote:
You can try pcapsipdump.
http://sourceforge.net/projects/pcapsipdump/
*Christian Pena Network Engineer II* Direct: (786) 363-0460 Fax: (786) 363-0206 cpena at ststelecom.com
This e-mail transmission contains information that is proprietary and confidential and is intended exclusively for the person(s) to whom it is addressed. Any use, copying, retention or disclosure by any person other than the intended recipient or the intended recipient's designees is strictly prohibited. If you are not the intended recipient or their designee, please notify the sender immediately by return e-mail and delete all copies.
Kristian Kielhofner wrote:
Hello everyone,
Does anyone know of a tool to split PCAP files that is SIP+RTP aware? Ideally I'd be able to record a PCAP file with any number of calls and then have a utility split that file into each separate call? I'm pretty sure I've seen a utility to do this, I just can't remember the name...
Thanks!
_______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Kristian, Alex has an elegant and inexpensive (read: basically free!) solution that you might want to check out. Here's a brief description (I've culled from a personal email, so I hope I don't misrepresent it) *So I wrote a highly parallelised, multithreaded tool that runs on such a "capture box" and listens to SIP traffic intelligently. It automatically identifies the media ports involved in a call and records both SIP and RTP to distinct capture files in a dated directory hierarchy separated by day and hour. The capture file contains the date, time, ANI, DNIS and Call-ID.* You should give him a shout: Alex Balashov <abalashov at evaristesys.com> I can vouch for the quality and effectiveness of his solutions. -N On Wed, Jun 23, 2010 at 9:02 AM, Kristian Kielhofner < kristian.kielhofner at gmail.com> wrote:
Hello everyone,
Does anyone know of a tool to split PCAP files that is SIP+RTP aware? Ideally I'd be able to record a PCAP file with any number of calls and then have a utility split that file into each separate call? I'm pretty sure I've seen a utility to do this, I just can't remember the name...
Thanks!
-- Kristian Kielhofner http://www.astlinux.org http://blog.krisk.org http://www.star2star.com http://www.submityoursip.com http://www.voalte.com _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops
Based on what you have said, UCSsniff is one free tool that could fit this requirement - http://ucsniff.sf.net The VideoSnarf tool of UCSniff takes an offline pcap as input, and outputs all RTP media streams. G.711u/a law, G.729 codec support mostly used by SPs, but also supports H.264 Video codec. The only problem with VideoSnarf is that outputted media is uni-directional. It doesn't re-construct forward and reverse into a single wav file. UCSniff does re-construct forward and reverse media into a single wave file. We spoke with a SP in NY who was using the Monitor SPAN session feature of UCSniff to monitor SIP calls and save wav files for each subscriber call. You can run it on a system and receieve traffic from a Monitor SPAN session. Best of all, UCSniff and VideoSnarf are free. You can modify the code to fit your own requirements. Let us know if or how it works for you. We can create new features such as parsing ANI/DNIS, based on feedback and justification. P.S. The VAST DVD (based on Ubuntu) already has UCSniff and VideoSnarf pre-built - http://vipervast.sf.net. Good luck with it all, Jason Kristian Kielhofner wrote:
Hello everyone,
Does anyone know of a tool to split PCAP files that is SIP+RTP aware? Ideally I'd be able to record a PCAP file with any number of calls and then have a utility split that file into each separate call? I'm pretty sure I've seen a utility to do this, I just can't remember the name...
Thanks!
participants (5)
-
cpena@ststelecom.com -
iknowjason@pobox.com -
kristian.kielhofner@gmail.com -
nicksten@gmail.com -
pfabian@telesphere.com