Wireshark-users: Re: [Wireshark-users] SIP text to PCAP Possible?

From: Hadriel Kaplan <hadrielk@xxxxxxxxx>
Date: Tue, 18 Feb 2014 10:59:20 -0800 (PST)
I've got a code change to wireshark 1.11 that will let it read in "capture" files using its Lua engine, and thus let you write a Lua script to read in a log file of SIP messages (as a new "capture" file type) and display them in wireshark, save them as pcap, etc.  I wrote a Lua script to do so for Acme's sip log files, as my test of the new wireshark code.  But I haven't submitted the code change to wireshark yet, as I'm waiting for an existing submission to be merged.  Hopefully that will happen in the next week or two.

If you send me a few sample XS logs, I'll see if I can write up a Lua file reader for that as well.

-hadriel


On Tuesday, February 18, 2014 1:31 PM, Jamie O. Montgomery <Jamie.Montgomery@xxxxxxxxxxxxx> wrote:
I'm trying to convert parsed information from XS logs on the Broadsoft platform. 

Jamie M
On Feb 18, 2014, at 11:25 AM, "Hadriel Kaplan" <hadrielk@xxxxxxxxx> wrote:

What devices are the log files from?

Some vendors provide tools to convert their log files to pcap format. (Acme has a free one to convert their SBC's sipmsg.log files to pcap, for example)

-hadriel

On Tue, Feb 4, 2014 at 8:37 AM, Jamie O. Montgomery <Jamie.Montgomery@xxxxxxxxxxxxx> wrote:
> Tip of the hat to the WireShark community.
>
> I'm looking for a way to take SIP messages from a text log and create a PCAP
> file to view in WireShark. I've got some rudimentary PERL skills that could
> take the text log file and parse the text to create some dummy information
> for all the headers, but I haven't found a way to create a PCAP file from
> scratch. I wanted to ask if such an effort had been made in the community.
>
> We provide VoIP to our customers, and reading through large log files is
> very time consuming. We're much better at parsing PCAP files in WireShark.
> We can't capture the VoIP traffic due to the magnitude of data we deal with.
>
> Thanks in advance.
>
> Jamie M
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
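
Added example (not part of the original thread, and not Hadriel's Lua reader or any vendor tool): a minimal way to build a PCAP file from scratch out of SIP messages already extracted from a text log, wrapping each one in dummy Ethernet/IPv4/UDP headers. The tuple layout, the function names and the sample messages are assumptions constructed for illustration; parsing a specific vendor log format is left out because the thread does not show one.

```python
import socket
import struct

# pcap global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype 1 (Ethernet)
PCAP_GLOBAL = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
# Dummy locally administered MACs (dst, src) and EtherType IPv4; the log has no layer-2 data
ETH_HDR = bytes.fromhex("020000000002" "020000000001" "0800")

def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the 20-byte IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def udp_frame(src_ip, src_port, dst_ip, dst_port, payload: bytes) -> bytes:
    if len(payload) > 65507:  # largest payload that fits one unfragmented IPv4/UDP datagram
        raise ValueError("SIP message too large for a single UDP datagram")
    # UDP checksum 0 means "not computed", which is valid over IPv4
    udp = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return ETH_HDR + ip + udp

def sip_to_pcap(messages) -> bytes:
    """messages: iterable of (epoch_seconds, src_ip, src_port, dst_ip, dst_port, sip_text)."""
    out = [PCAP_GLOBAL]
    for ts, src_ip, src_port, dst_ip, dst_port, text in messages:
        # Text logs usually store bare LF; SIP on the wire uses CRLF
        payload = text.replace("\r\n", "\n").replace("\n", "\r\n").encode("utf-8")
        frame = udp_frame(src_ip, src_port, dst_ip, dst_port, payload)
        sec, usec = divmod(int(round(ts * 1e6)), 1000000)
        out.append(struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame)
    return b"".join(out)

# Constructed sample input (documentation addresses, made-up dialog), not real log data
SAMPLE = [
    (1392749960.25, "192.0.2.10", 5060, "192.0.2.20", 5060,
     "INVITE sip:bob@example.com SIP/2.0\nVia: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK1\n"
     "From: <sip:alice@example.com>;tag=1\nTo: <sip:bob@example.com>\n"
     "Call-ID: constructed-1\nCSeq: 1 INVITE\nContent-Length: 0\n\n"),
    (1392749960.30, "192.0.2.20", 5060, "192.0.2.10", 5060,
     "SIP/2.0 100 Trying\nVia: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK1\n"
     "Call-ID: constructed-1\nCSeq: 1 INVITE\nContent-Length: 0\n\n"),
]

if __name__ == "__main__":
    with open("sip_from_log.pcap", "wb") as f:
        f.write(sip_to_pcap(SAMPLE))
```

Converting LF to CRLF changes the byte length of any message body, so a Content-Length copied from the log can be off for messages that carry SDP.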
