
I don't know of any way to coax tshark to give you what the Wireshark GUI does. You can do this by post-processing the output from tshark, but it will be a fair amount of work.

Have tshark display the full details of the SIP packets (e.g., with -V).

Pipe this to a process that will extract info from each packet.

This process will need to detect packet boundaries, since the input will have multiple lines per packet.

This process will need to store selected info from these packets (such as From, To, Start Time, etc.) and correlate this info across packets based on dialog identifiers.

The process will need to understand the SIP protocol well enough to determine when calls are confirmed, terminated, etc.

This is certainly doable, but I wanted you to know what you are getting into.

An alternative to a separate process (that I have no experience with) is to write a Wireshark script in Lua, and invoke that via tshark -Xlua_script:my_a (using a version of tshark compiled with Lua support). You automatically have access to the parsed SIP message. An example to help you get started can be found here under the example "Dump VoIP calls into separate files" (or similarly here on Google Code).
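The post-processing approach described in this answer, sketched as an added example (not code from the original answer): it reads `tshark -V` text, splits it at `Frame N:` lines, and tracks each call by Call-ID. The sample text is constructed and simplified, and the field layout is an assumption that can differ between tshark versions.

```python
import re
# Fields pulled from `tshark -V` text output; exact layout varies by version (assumption).
FIELD = re.compile(r"^\s+(Arrival Time|Request-Line|Status-Line|From|To|Call-ID|CSeq): (.*)$")

def packets(lines):
    """Yield one dict per packet; an unindented 'Frame N:' line starts a new packet."""
    cur = None
    for line in lines:
        if line.startswith("Frame "):
            if cur is not None:
                yield cur
            cur = {}
        elif cur is not None and (m := FIELD.match(line)):
            cur.setdefault(m.group(1), m.group(2).strip())  # first occurrence wins
    if cur is not None:
        yield cur

def track_calls(lines):
    """Correlate packets by Call-ID (a full SIP dialog ID also includes both tags)."""
    calls = {}
    for p in packets(lines):
        cid, now = p.get("Call-ID"), p.get("Arrival Time")
        if cid is None:
            continue  # not a SIP packet
        call = calls.setdefault(cid, {"from": p.get("From"), "to": p.get("To"),
                                      "start": now, "end": None, "state": "setup"})
        method = (p.get("CSeq") or "?").split()[-1]   # CSeq names the transaction's method
        status = p.get("Status-Line", "").split()     # empty for requests
        code = int(status[1]) if len(status) > 1 and status[1].isdigit() else None
        if method == "INVITE" and code and call["state"] == "setup":
            if 200 <= code < 300:
                call["state"] = "confirmed"            # 2xx to INVITE: call answered
            elif code >= 300:
                call["state"], call["end"] = "failed", now
        elif method == "BYE" and code is None and call["state"] == "confirmed":
            call["state"], call["end"] = "terminated", now
    return calls

def _pkt(n, sec, first, cseq, cid):  # builds constructed sample text, not a real capture
    kind = "Status-Line" if first.startswith("SIP/2.0") else "Request-Line"
    return (f"Frame {n}: 500 bytes on wire\n    Arrival Time: Jan  1, 2024 10:00:{sec:02d}.000000000 UTC\n"
            f"Session Initiation Protocol\n    {kind}: {first}\n    Message Header\n"
            f"        From: <sip:alice@example.org>;tag=a1\n        To: <sip:bob@example.org>\n"
            f"        Call-ID: {cid}\n        CSeq: {cseq}\n")
INV = "INVITE sip:bob@example.org SIP/2.0"
SAMPLE = "".join(_pkt(*a) for a in [
    (1, 0, INV, "1 INVITE", "c1"), (2, 2, "SIP/2.0 200 OK", "1 INVITE", "c1"),
    (3, 3, INV, "1 INVITE", "c2"), (4, 4, "SIP/2.0 486 Busy Here", "1 INVITE", "c2"),
    (5, 9, "BYE sip:bob@example.org SIP/2.0", "2 BYE", "c1")])
```

With a real capture, the lines would come from `tshark -r capture.pcap -V -Y sip` (the file name is a placeholder) piped into `track_calls`. Header values originate on the network, so treat them as untrusted wherever they are stored or displayed.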