I need to get statistics on sip streams for a large test. I have 2 sipp generators one sender and one receiver, the receiver has the switch port mirrored to another machine used for analysis. For now on the "analyzer" I am saving data to a file: After this i analyze the pcap file: All is good and showing ok but on capture after a few minutes I have a few GB of data in the file, as I make cycles of 1000 2 minutes calls with 30 sec pause between cycles. Is there a way to get statistics with no saving to disk, I mean after a call ended show statistics and forget the data because I need to make some tests for 4-8 hours. Something like this: asked 17 Nov '16, 03:32  rift85 |
2 Answers:
Use dumpcap to capture the traffic with multiple files, e.g. the The tricky bit will be arranging the file capture and call to overlap so a complete call is contained within each capture file, you have options for duration and file size to limit a capture file. Running tshark for long periods with high-volume data runs the risk of the tshark process running out of memory due to the state that's maintained. answered 17 Nov '16, 03:46  grahamb ♦ |
As you say you generate calls in "campaigns" clearly bordered in time, you can synchronize individual runs of tshark with those campaigns, can't you? That way, you wouldn't need to save the data to disk at all, just redirect the statistics output of tshark to a text file. Trouble would begin if the memory of the capturing machine would be insufficient to handle the complete campaign, but that does not seem to be your case currently. answered 17 Nov '16, 05:02  sindy |
