[Boaz Galil <boaz20@xxxxxxxxx>]

Hi Andres and everyone,

 

Thanks for the prompt reply.  I believe I found a possible solution here. First run Mergecap.exe on all 50 files and then run tshark with SIP filter.

On Mon, Sep 26, 2011 at 10:57 AM, Anders Broman <anders.broman@xxxxxxxxxxxx> wrote:

Hi,

Not sure that's possible as some of the SIP messages probably are segmented. You may be able to cut out irelevant stuff by runing tshark on the files though.

Regards

Anders

---

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Boaz Galil
Sent: den 26 september 2011 16:21
To: Community support list for Wireshark
Subject: [Wireshark-users] extract SIP messages from multi-files

Dear Wireshark experts,

You helped me a lot in the past so I hope you will help me today as well.

I got 50 capture files (from wireshark) with incremental sequence.

 

1.       I would like to take those 50 files (each file around 100MB) and to extract all the SIP packets (there should be no more than 1MB SIP packets in all files together) to a single file.

 

2.       If item 1 is not possible or there is no easy solution. I would like to extract all SIP messages from each file to a different file from the command line.

 

 

Thanks in advance,

Boaz.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe