Wireshark mailing list archives
Re: SIP text to PCAP Possible?
From: Hadriel Kaplan <hadrielk () yahoo com>
Date: Tue, 18 Feb 2014 10:59:20 -0800 (PST)
I've got a code change to wireshark 1.11 that will let it read in "capture" files using its Lua engine, and thus let you write a Lua script to read in a log file of SIP messages (as a new "capture" file type) and display them in wireshark, save them as pcap, etc. I wrote a Lua script to do so for Acme's sip log files, as my test of the new wireshark code. But I haven't submitted the code change to wireshark yet, as I'm waiting for an existing submission to be merged. Hopefully that will happen in the next week or two. If you send me a few sample XS logs, I'll see if I can write up a Lua file reader for that as well. -hadriel On Tuesday, February 18, 2014 1:31 PM, Jamie O. Montgomery <Jamie.Montgomery () comporium com> wrote: I'm trying to convert parsed information from XS logs on the Broadsoft platform. Jamie M On Feb 18, 2014, at 11:25 AM, "Hadriel Kaplan" <hadrielk () yahoo com> wrote: What devices are the log files from?
Some vendors provide tools to convert their log files to pcap format. (Acme has a free one to convert their SBC's sipmsg.log files to pcap, for example) -hadriel On Tue, Feb 4, 2014 at 8:37 AM, Jamie O. Montgomery
<Jamie.Montgomery@xxxxxxxxxxxxx> wrote:
Tip of the hat to the WireShark community. I'm looking for a way to take SIP messages from a text log and create a PCAP file to view in WireShark. I've got some rudimentary PERL skills that could take the text log file and parse the text to create some dummy information for all the headers, but I haven't found a way to create a PCAP file from scratch. I wanted to ask if such an effort had been made in the community. We provide VoIP to our customers, and reading through large log files is very time consuming. We're much better at parsing PCAP files in WireShark. We can't capture the VoIP traffic due to the magnitude of data we deal with. Thanks in advance. Jamie M
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- SIP text to PCAP Possible? Jamie O. Montgomery (Feb 04)
- Re: SIP text to PCAP Possible? Evan Huus (Feb 04)
- Re: SIP text to PCAP Possible? Anders Broman (Feb 04)
- Re: SIP text to PCAP Possible? Jaap Keuter (Feb 05)
- <Possible follow-ups>
- Re: SIP text to PCAP Possible? Hadriel Kaplan (Feb 18)
- Re: SIP text to PCAP Possible? Jamie O. Montgomery (Feb 18)
- Re: SIP text to PCAP Possible? Hadriel Kaplan (Feb 18)
- Re: SIP text to PCAP Possible? Jamie O. Montgomery (Feb 18)
- Re: SIP text to PCAP Possible? Evan Huus (Feb 04)