http://www.dialogic.com/webhelp/img1010/10.5.2/webhelp/General_Reference/def_sip-ss7_cc.htm
Monday, December 19, 2011
Tuesday, January 18, 2011
VOIP Ethereal Live Call Traces
Trace VOIP live calls using Ethereal.
Note: the command is case sensitive.
- tethereal -R 'sip contains "9199999999"'
Capturing on e1000g0
3.591249 220.225.63.37 -> 292.168.15.16 SIP/SDP Request: INVITE sip:9199999999@292.168.15.16, with session description
3.593426 292.168.15.16 -> 220.225.63.37 SIP Status: 100 Trying
3.598371 292.168.15.16 -> 208.185.196.165 SIP/SDP Request: INVITE sip:38456819199999999@208.185.196.165, with session description
3.599654 208.185.196.165 -> 292.168.15.16 SIP Status: 100 Trying
8.066689 208.185.196.165 -> 292.168.15.16 SIP/SDP Status: 183 Session Progress, with session description
8.071264 292.168.15.16 -> 220.225.63.37 SIP/SDP Status: 183 Session Progress, with session description
9.640668 220.225.63.37 -> 292.168.15.16 SIP Request: CANCEL sip:9199999999@292.168.15.16
9.643045 292.168.15.16 -> 220.225.63.37 SIP Status: 200 OK
9.644570 292.168.15.16 -> 220.225.63.37 SIP Status: 487 Request Terminated
9.649396 292.168.15.16 -> 208.185.196.165 SIP Request: CANCEL sip:38456819199999999@208.185.196.165
9.651601 208.185.196.165 -> 292.168.15.16 SIP Status: 200 OK
9.652366 208.185.196.165 -> 292.168.15.16 SIP Status: 487 transaction terminated
9.658478 292.168.15.16 -> 208.185.196.165 SIP Request: ACK sip:38456819199999999@208.185.196.165
9.890679 220.225.63.37 -> 292.168.15.16 SIP Request: ACK sip:9199999999@292.168.15.16
- tethereal -R 'sip.To contains "9199999999"'
Capturing on e1000g0
3.706289 220.225.63.37 -> 292.168.15.16 SIP/SDP Request: INVITE sip:9199999999@292.168.15.16, with session description
3.709908 292.168.15.16 -> 220.225.63.37 SIP Status: 100 Trying
3.716539 292.168.15.16 -> 208.185.196.165 SIP/SDP Request: INVITE sip:38456819199999999@208.185.196.165, with session description
3.717916 208.185.196.165 -> 292.168.15.16 SIP Status: 100 Trying
The other SIP parameters which you can use are:
- sip.Alert-Info
- sip.From
- sip.Call-Info
- sip.Contact
- sip.Call-ID
For more fields, visit:
http://www.linux-tutorial.info/modules.php?name=ManPage&sec=1&manpage=tethereal
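To read a trace like the ones above as call legs rather than line by line, the following added example (not part of the original post) parses the one-line summaries and reports each leg's outcome and timing. The names `summarize_legs` and `SAMPLE` and the sample addresses are assumptions; legs are keyed by host pair because the summary lines carry no Call-ID, so concurrent calls between the same two hosts would be merged.

```python
import re

# Summary line layout: time, source, "->", destination, protocol, info.
LINE = re.compile(r"^\s*(?P<t>\d+\.\d+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+"
                  r"SIP(?:/SDP)?\s+(?:Request|Status):\s+(?P<info>.+)$")

# Constructed sample in the layout shown above (RFC 5737 addresses, made-up number).
SAMPLE = """\
Capturing on e1000g0
3.591249 198.51.100.37 -> 192.0.2.16 SIP/SDP Request: INVITE sip:15550100@192.0.2.16, with session description
3.598371 192.0.2.16 -> 203.0.113.165 SIP/SDP Request: INVITE sip:384568115550100@203.0.113.165, with session description
8.066689 203.0.113.165 -> 192.0.2.16 SIP/SDP Status: 183 Session Progress, with session description
8.071264 192.0.2.16 -> 198.51.100.37 SIP/SDP Status: 183 Session Progress, with session description
9.640668 198.51.100.37 -> 192.0.2.16 SIP Request: CANCEL sip:15550100@192.0.2.16
9.643045 192.0.2.16 -> 198.51.100.37 SIP Status: 200 OK
9.644570 192.0.2.16 -> 198.51.100.37 SIP Status: 487 Request Terminated
9.649396 192.0.2.16 -> 203.0.113.165 SIP Request: CANCEL sip:384568115550100@203.0.113.165
9.652366 203.0.113.165 -> 192.0.2.16 SIP Status: 487 transaction terminated
"""

def summarize_legs(text):
    """Group summary lines into call legs (one per pair of hosts) and classify each."""
    legs = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                              # banner or non-SIP line
        leg = legs.setdefault(frozenset((m["src"], m["dst"])), {"events": []})
        t, token = float(m["t"]), m["info"].split()[0]   # method or status code
        leg["events"].append((t, token))
        if token == "INVITE" and "t0" not in leg:
            leg.update(t0=t, caller=m["src"], callee=m["dst"],
                       uri=m["info"].split()[1].rstrip(","))
    out = []
    for leg in (l for l in legs.values() if "t0" in l):
        ev = leg["events"]
        def delay(*tokens):                       # seconds from INVITE to first match
            hit = next((t for t, k in ev if k in tokens), None)
            return None if hit is None else round(hit - leg["t0"], 3)
        codes = [k for _, k in ev if k.isdigit()]
        if delay("CANCEL") is not None and "487" in codes:
            outcome = "cancelled"                 # the 200 here answers CANCEL, not INVITE
        elif delay("CANCEL") is None and "200" in codes:
            outcome = "answered"
        else:                                     # other final response, else still pending
            outcome = next((c for c in codes if c >= "300"), "in progress")
        out.append({"uri": leg["uri"], "caller": leg["caller"], "callee": leg["callee"],
                    "outcome": outcome, "progress_after": delay("180", "183"),
                    "cancel_after": delay("CANCEL")})
    return out
```

Calling `summarize_legs(SAMPLE)` returns one dictionary per leg; a capture that stops after `100 Trying`, like the second trace above, is reported as `in progress`.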
Tuesday, January 11, 2011
How to see/analyze a very large file in Wireshark
A very large file can be analyzed by breaking it into smaller parts and then analyzing the smaller files.
To do so, follow the steps below.
1. C:\Program Files\Wireshark>capinfos.exe largefile.pcap
This displays details about the file, such as the total number of packets, so you can decide how many packets you want in each new file. For example, if the old file had 200000 packets and you want new files of 50000 packets each, you will get 4 new smaller files.
2. Now just create new smaller files from the old large file by using the command
C:\Program Files\Wireshark>editcap.exe -c 50000 oldfile.pcap new_smallfile
It will create 4 new files of around 50000 packets each, and you can then open those files with Wireshark.
That's it. If you need to join those files again, you can use the Merge option of Wireshark.
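What the two steps do at the file-format level, as an added example that is not part of the original post and not Wireshark's own code: it counts the packet records in a classic pcap file and splits them into chunks, repeating the 24-byte global header in each chunk so every output opens on its own. The function names and the constructed test capture are assumptions; pcapng files are rejected, and a record cut off at the end of the file is dropped.

```python
import struct

GLOBAL_HDR, RECORD_HDR = 24, 16        # classic pcap header sizes in bytes
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",   # little-endian (usec, nsec)
          b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}   # big-endian (usec, nsec)

def records(data):
    """Yield each complete packet record (16-byte header + captured bytes)."""
    endian = MAGICS.get(data[:4])
    if endian is None or len(data) < GLOBAL_HDR:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    pos = GLOBAL_HDR
    while pos + RECORD_HDR <= len(data):
        # Record header: ts_sec, ts_frac, incl_len, orig_len (4 bytes each).
        incl_len = struct.unpack_from(endian + "I", data, pos + 8)[0]
        end = pos + RECORD_HDR + incl_len
        if end > len(data):
            return                      # capture cut off mid-packet: drop the partial record
        yield data[pos:end]
        pos = end

def count_packets(data):
    """Packet count, the figure read off capinfos in step 1."""
    return sum(1 for _ in records(data))

def split_pcap(data, packets_per_file):
    """Chunks of at most packets_per_file packets, as in step 2 (editcap -c)."""
    if packets_per_file < 1:
        raise ValueError("packets_per_file must be at least 1")
    recs = list(records(data))
    # Every chunk repeats the global header so it opens as a capture on its own.
    return [data[:GLOBAL_HDR] + b"".join(recs[i:i + packets_per_file])
            for i in range(0, len(recs), packets_per_file)]

def make_pcap(n, payload=b"\x00" * 60):
    """Constructed test capture: n identical 60-byte packets."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec = lambda i: struct.pack("<IIII", i, 0, len(payload), len(payload)) + payload
    return hdr + b"".join(rec(i) for i in range(n))
```

With `make_pcap(10)` and a chunk size of 4, `split_pcap` returns three captures holding 4, 4 and 2 packets.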