Jump to content

PacketSquirrel - PCAPSIPDUMP


Yves Gougeon

Recommended Posts

Posted

So you're trying to filter the tcpdump file to view only SIP packets?

You can either do this with the command 'tcpdump', or use an external program to read the file and filter for certain traffic (e.g. Wireshark).
SIP traffic is usually over UDP on ports 5060 (unencrypted) and 5061 (encrypted). It can also be over TCP.

I can't remember all the arguments tcpdump takes but you should SSH into the PS and do a "tcpdump ?" to figure out what arguments you need to pass to it (pass port 5060 to it, and UDP as the protocol).

Links:
https://wiki.wireshark.org/SIP

Posted

The purpose of PCAPSIPDUMP is to fragment each independent SIP calls in individual pcap files including its RTP streams. TCPDUMP does not have this ability. Additionally, the SIP and RTP packets can come from any ports, so it is not possible for TCPDUMP to capture a specific layer 7.

Posted
On 3/24/2018 at 6:20 AM, Yves Gougeon said:

Additionally, the SIP and RTP packets can come from any ports, so it is not possible for TCPDUMP to capture a specific layer 7.

How many people out there do you think would change the default port - knowing that if you do that you have to reconfigure firewalls and the phone system itself? I think you'll find at least the SIP ports are default, as servers, clients and firewalls need to know it.

A lot of phone systems (like 3CX, for example) use specific ports for their audio streams. 3CX uses ports 9000-9500 (UDP) for it's audio streams over RTP, for example.

However, it is true TCPDump doesn't support pushing separate calls to separate dump files.

On 3/24/2018 at 6:20 AM, Yves Gougeon said:

...so it is not possible for TCPDUMP to capture a specific layer 7.

Of course it's not possible with that attitude.

 

If you want to use PCAPSIPDUMP so much, just try compiling it on the PS with libpcap and gcc3.

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...