Wireshark-users: Re: [Wireshark-users] Question
Sandeep,

So I have to capture all the packets, then save the file, then apply the signaling filter (tshark -i x port 5060 -w <name of pcap that you want to analyze>), then write a script to save this data. Then apply another filter to get the SDP information on the same file (tshark -r sdp.media.port -V | grep -w "

Is that the correct sequence of events required to do this? Is there a way to cut down the amount of steps? Can I apply both filters at the same time?

TimeData Corporation
VP of Network Operation
work: 212-644-1600 X3
Cell: 503-318-8909

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of sandeep nitta

Terry, that again depends on what VoIP protocol you are analyzing.

For instance, in SIP, media information is commonly exchanged over SDP (Session Description Protocol), which carries the port information over which the media is to be exchanged.

You can use the sdp.media.port switch in conjunction with -V to see which ports are being used for media transfer. Something like:

tshark -r <pcap you want to read> sdp.media.port -V | grep -w "

You can use a small script to store these ports and supply the same to tshark to automate the process.

--
Sandeep Nitta

On Fri, Aug 29, 2008 at 12:17 AM,

Thanks, that is a good start. This gives me the signaling information, which I want. I also want the information over the media, which is usually on another port? Is there a way to identify that and collect that?

That is why I was trying to find a way to automate what is done in Wireshark, where it will analyse a VoIP call. I want to see if I can do that in Tshark. Is that possible?

TimeData Corporation
VP of Network Operation
work: 212-644-1600 X3
Cell: 503-318-8909

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of sandeep nitta

You need to identify which VoIP protocols are being used in your VoIP traffic.

Ex: SIP commonly uses port 5060 for UDP and 5061 for TCP.

Similarly, once you identify which protocol is being used in your network and on which port it traverses, you are ready to go ahead.

Say all your traffic goes on port 5060 and on "x" interface, you can use the following filter:

tshark -i x port 5060 -w <name of pcap that you want to analyze>

You can look at the man page of tshark and what functionality the -z switch provides to further analyze the captured trace file.

--
Sandeep Nitta

On Thu, Aug 28, 2008 at 9:15 PM,

I am new to the list, but I am trying to understand how to collect VoIP traffic using Tshark and generate similar reports to what you can get when you use the VoIP analysis in Wireshark? Can anyone point me in the right direction to obtain that type of data? How to set up the filters?

Thanks

TimeData Corporation
VP of Network Operation
work: 212-644-1600 X3
Cell: 503-318-8909
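
The workflow discussed in this thread (read the SDP media ports out of a signaling capture, then supply them back to tshark) is sketched below as an added example; it is not code from any of the posters or from the Wireshark project. It assumes the media runs over UDP, reads the ports with tshark's `-T fields -e sdp.media.port` output instead of grepping `-V` text, and uses hypothetical function and file names.

```shell
#!/bin/sh
# Added example: turn SDP media ports read from a signaling capture into
# one capture filter covering signaling plus media.
# Intended input (real tshark options, not run here):
#   tshark -r signaling.pcap -Y sdp -T fields -e sdp.media.port
# which prints one line per SDP packet, comma-separating repeated fields.

SIGNALING_PORT=5060   # SIP port used in the thread

# Constructed sample of that output (not from a real capture).
sample_fields_output() {
    printf '%s\n' '49170' '49170,49172' '' '0' '8000'
}

# stdin: tshark field output -> stdout: unique valid ports, one per line.
# Port 0 is skipped: in SDP it marks a declined media stream.
sdp_media_ports() {
    tr ',\t ' '\n\n\n' |
        awk '/^[0-9]+$/ && $1 > 0 && $1 <= 65535 { print $1 + 0 }' |
        sort -n -u
}

# stdin: tshark field output -> stdout: capture filter string.
build_media_filter() {
    filter="udp port $SIGNALING_PORT"
    for port in $(sdp_media_ports); do
        filter="$filter or udp port $port"
    done
    printf '%s\n' "$filter"
}

# Usage (assumed file names; interface x as in the thread):
#   f=$(tshark -r signaling.pcap -Y sdp -T fields -e sdp.media.port | build_media_filter)
#   tshark -i x -f "$f" -w calls.pcap
```

Media ports are negotiated per call, so a filter built this way only covers the calls present in the signaling capture it was derived from.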