Filtering VoIP calls with tshark

Fred · May 15, 2012 · Viewed 17.4k times

I'm analyzing VoIP calls on my network.

For now I'm using a generated .pcap file, but later I'll be listening for this in real time.

I'm using tshark, and I can filter some important data pretty easily from the .pcap (like "source IP address and port", "destination IP addr and port", payload pckt lost, Max Delta (ms), Max Jitter (ms), Mean Jitter (ms)) with

tshark -r myfile -q -z rtp,streams

What I want to know is: how can I get the SIP addrs of a call? (client and server)

I can retrieve some SIP addrs (only client) by filtering all SIP INVITEs like this:

tshark -r myFile -R "sip.Request-Line contains INVITE"

But I can't get the address of the server.

To clarify a bit, my idea was to get this "statistic" in tshark, like Wireshark gives me when I access "Telephony>VoIP Calls" (the same way that tshark -r myfile -q -z rtp,streams returns me statistics just like Wireshark's Telephony>RTP>Show All Streams). Is there a way to do this? If not with "statistics" (-z), how can I create a filter (-R) to do something similar to the "VoIP Calls" function of Wireshark?

I'm using tshark as I want to work with this data, and not just analyze it on my screen.

Thanks

Answer

user1591613 · Aug 11, 2012

Try:

tshark -r myFile -R "sip.CSeq.method eq INVITE"

That will filter for the request sent from the client and the corresponding reply from the server.
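An added example, not part of the original answer: because the filter returns each INVITE and its replies as separate packets, this shell function groups tshark's field output by Call-ID into one line per call (From and To SIP addresses, client and server IPs, final status). The function names, column order and sample rows are assumptions made for illustration; newer tshark releases take the display filter with -Y where the 2012 commands above use -R.

```shell
#!/usr/bin/env bash
# Producing the input from a capture (shown for reference, not run here):
#   tshark -r myFile -Y 'sip.CSeq.method == "INVITE"' -T fields \
#     -e sip.Call-ID -e ip.src -e ip.dst -e sip.Method -e sip.Status-Code \
#     -e sip.from.addr -e sip.to.addr | sip_calls

# Reads tab-separated rows in the column order above, prints one row per call:
#   Call-ID, From, To, client IP, server IP, final status (or "no-reply").
sip_calls() {
  awk -F'\t' '
    # First INVITE request seen for a Call-ID: its sender is treated as the client.
    $4 == "INVITE" && !($1 in client) {
      order[++n] = $1
      client[$1] = $2; server[$1] = $3
      from[$1] = $6;   to[$1] = $7
      status[$1] = "no-reply"
      next
    }
    # Reply (status code present): a final code (>= 200) replaces anything,
    # a provisional code (1xx) only replaces "no-reply" or an earlier 1xx.
    $5 != "" && ($1 in client) {
      if ($5 + 0 >= 200 || status[$1] + 0 < 200) status[$1] = $5
    }
    END {
      for (i = 1; i <= n; i++) {
        id = order[i]
        printf "%s\t%s\t%s\t%s\t%s\t%s\n", id, from[id], to[id], client[id], server[id], status[id]
      }
    }'
}

# Constructed sample rows (documentation IP ranges), standing in for tshark output.
sample_capture() {
  printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\n' \
    call-1@example 192.0.2.10 198.51.100.5 INVITE '' sip:alice@example.com sip:bob@example.com \
    call-1@example 198.51.100.5 192.0.2.10 '' 100 sip:alice@example.com sip:bob@example.com \
    call-1@example 198.51.100.5 192.0.2.10 '' 180 sip:alice@example.com sip:bob@example.com \
    call-1@example 198.51.100.5 192.0.2.10 '' 200 sip:alice@example.com sip:bob@example.com \
    call-2@example 192.0.2.11 198.51.100.5 INVITE '' sip:carol@example.com sip:dave@example.com \
    call-2@example 198.51.100.5 192.0.2.11 '' 486 sip:carol@example.com sip:dave@example.com \
    call-3@example 192.0.2.12 198.51.100.5 INVITE '' sip:erin@example.com sip:frank@example.com
}

sample_capture | sip_calls
```

The server address asked about in the question is the destination IP of the first INVITE, with the To address as the called party.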