This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

SIP messages per user

0

Hi folks,

is there any possibility in Wireshark by using a special filter or a combination of some to show an overview of the number of SIP messages per user or endpoint? Trying to figure it out for SBC settings but with hundreds of thousands of IP endpoints you're soon bored somehow.

Greetz Marzen

asked 14 Aug '13, 08:19

Marzen's gravatar image

Marzen
11112
accept rate: 0%

One Answer:
active answersoldest answersnewest answerspopular answers
0

You can use tshark in conjunction with a perl/python script to extract the information you are interested in.

tshark -nr sip.pcap -R "sip" -T fields -e frame.time -e ip.src -e ip.dst -e sip.from.addr -e sip.to.addr -e sip.Call-ID

See the SIP filter reference for more fields.

Output (generated from a test file): 

frame.time;ip.src;ip.dst;sip.from.addr;sip.to.addr;sip.Call-ID
Apr 12, 2012 17:40:15.711324000;192.168.0.10;216.234.64.8;sip:[email protected];sip:[email protected];C5570127C1A6A1ABF7ED9
DB9AD608CE00xc0a8000a
Apr 12, 2012 17:40:15.755652000;216.234.64.8;192.168.0.10;sip:[email protected];sip:[email protected];C5570127C1A6A1ABF7ED9
DB9AD608CE00xc0a8000a
Apr 12, 2012 17:40:15.769396000;216.234.64.8;192.168.0.10;sip:[email protected];sip:[email protected];C5570127C1A6A1ABF7ED9
DB9AD608CE00xc0a8000a
Apr 12, 2012 17:40:15.882668000;192.168.0.10;216.234.64.8;sip:[email protected];sip:[email protected];C5570127C1A6A1ABF7ED9
DB9AD608CE00xc0a8000a
Apr 12, 2012 17:40:15.884964000;192.168.0.10;216.234.64.8;sip:[email protected];sip:[email protected];C5570127C1A6A1ABF7ED9
DB9AD608CE00xc0a8000a
Apr 12, 2012 17:40:15.931983000;216.234.64.8;192.168.0.10;sip:[email protected];sip:[email protected];C5570127C1A6A1ABF7ED9
DB9AD608CE00xc0a8000a

Regards
Kurt

permanent link

answered 20 Aug '13, 02:44

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 20 Aug '13, 02:53

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Question tags:

×109
×86
×14

question asked: 14 Aug '13, 08:19

question was seen: 3,001 times

last updated: 20 Aug '13, 02:53

Related questions

What am I looking at?

Listing all the endpoints in local network

Time display format in VoIP calls (and SIP Call Flow) window

SIP capture filter

Capture and Store voice traffic into a Database

tshark SIP Statistics

Save only filtered SIP\RTP results in a file

USB to ethernet adapter - capture missing SIP and ICMP messages

SIP filter shows only host IP in destination column and not in source column

Tshark statistics to show port numbers?

about | faq | privacy | support | contact

p​o​w​e​r​e​d by O​S​Q​A