tshark SIP protocol display collapse
I am using the tshark protocol filter because I need to parse the contents of SIP packets.
tshark -r df32c2248fe646a6793ce9a63b124b34@0.0.0.0.pcap -O sip
I get:
Frame 14: 553 bytes on wire (4424 bits), 553 bytes captured (4424 bits)
Linux cooked capture
Internet Protocol Version 4, Src: 4.4.4.4 (4.4.4.4), Dst: 3.3.3.3 (3.3.3.3)
User Datagram Protocol, Src Port: 5060 (5060), Dst Port: 5060 (5060)
Session Initiation Protocol (200)
Status-Line: SIP/2.0 200 OK
Status-Code: 200
[Resent Packet: False]
[Request Frame: 11]
[Response Time (ms): 115]
[Release Time (ms): 115]
Message Header
Via: SIP/2.0/UDP 2.2.2.2:5060;received=3.3.3.3;branch=z9hG4bK18f6609d-1c76-4a8b-a96b-2cf7d8036d36_6772d868_3067109296759172
Transport: UDP
Sent-by Address: 2.2.2.2
Sent-by port: 5060
Received: 3.3.3.3
Branch: z9hG4bK18f6609d-1c76-4a8b-a96b-2cf7d8036d36_6772d868_3067109296759172
Contact: <sip:14082186500@1.1.1.1:17060>
Contact URI: sip:14082186500@1.1.1.1:17060
Contact URI User Part: 14082186500
Contact URI Host Part: 1.1.1.1
Contact URI Host Port: 17060
To: <sip:14082186500@spicyramen.ippbx.com;user=phone>;tag=83174026
SIP to address: sip:14082186500@spicyramen.ippbx.com;user=phone
SIP to address User Part: 14082186500
SIP to address Host Part: spicyramen.ippbx.com
SIP To URI parameter: user=phone
SIP to tag: 83174026
From: <sip:anonymous@sip.ie1.sipprovider.com>;tag=87638703_6772d868_18f6609d-1c76-4a8b-a96b-2cf7d8036d36
SIP from address: sip:anonymous@sip.ie1.sipprovider.com
SIP from address User Part: anonymous
SIP from address Host Part: sip.ie1.sipprovider.com
SIP from tag: 87638703_6772d868_18f6609d-1c76-4a8b-a96b-2cf7d8036d36
Call-ID: df32c2248fe646a6793ce9a63b124b34@0.0.0.0
CSeq: 44365 BYE
Sequence Number: 44365
Method: BYE
User-Agent: 3CXPhoneSystem 14.0.44198.522 (44097)
Content-Length: 0
As you can see, the output is not collapsed. I want to see something like this:
Frame 14: 553 bytes on wire (4424 bits), 553 bytes captured (4424 bits)
Linux cooked capture
Internet Protocol Version 4, Src: 4.4.4.4 (4.4.4.4), Dst: 3.3.3.3 (3.3.3.3)
User Datagram Protocol, Src Port: 5060 (5060), Dst Port: 5060 (5060)
Session Initiation Protocol (200)
Status-Line: SIP/2.0 200 OK
Message Header
Via: SIP/2.0/UDP 2.2.2.2:5060;received=3.3.3.3;branch=z9hG4bK18f6609d-1c76-4a8b-a96b-2cf7d8036d36_6772d868_3067109296759172
Contact: <sip:14082186500@1.1.1.1:17060>
To: <sip:14082186500@spicyramen.ippbx.com;user=phone>;tag=83174026
From: <sip:anonymous@sip.ie1.sipprovider.com>;tag=87638703_6772d868_18f6609d-1c76-4a8b-a96b-2cf7d8036d36
Call-ID: df32c2248fe646a6793ce9a63b124b34@0.0.0.0
CSeq: 44365 BYE
User-Agent: 3CXPhoneSystem 14.0.44198.522 (44097)
Content-Length: 0
Wireshark
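You can use Wireshark to do this job.
Apply the display filter:
sip
Go to the Packet Details pane.
Expand "Session Initiation Protocol"
Expand the Request-Line, Message Header and Message Body* (do not expand the subtrees)
Go to File - Export - Export Packet Dissections... - As "Plain Text" file...
Packet Format section: select "Packet Summary Line" and "Packet Details: As Displayed"
Add a file name and save the file
*Notes
I used the sample file: aaa.pcap
Message body: see packet 223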
TShark
You can use -T fields and add all the fields you need.
For example:
tshark -r aaa.pcap -Y sip -E header=y -E separator="?" -T fields -e frame.number -e sip.Request-Line -e sip.r-uri -e sip.Via -e sip.From -e sip.To -e sip.Call-ID -e sip.Contact -e sip.Expires -e sip.CSeq -e sip.User-Agent -e sip.Content-Length > aaa.csv
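A third option, added here as an example and not part of the original answer: post-process the `tshark -O sip` text output and keep only the rows the question asks for. It assumes tshark indents each tree level by 4 spaces; `collapse_sip` and `sample_frame` are hypothetical names, and the sample input is constructed from the frame shown in the question.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: `tshark -O sip` indents each protocol-tree level by 4 spaces.

# Read `tshark -O sip` text on stdin, print the collapsed view on stdout.
collapse_sip() {
    awk '
    {
        text = $0
        sub(/^ +/, "", text)                          # line without indentation
        depth = int((length($0) - length(text)) / 4)  # tree level of this line
    }
    # Depth 0: frame and protocol summary lines, and the SIP root itself.
    depth == 0 { in_sip = (text ~ /^Session Initiation Protocol/); print; next }
    !in_sip      { next }
    text ~ /^\[/ { next }   # generated fields such as [Request Frame: 11]
    # Depth 1: Status-Line / Request-Line / Message Header / Message Body.
    depth == 1 { parent = text; print; next }
    # Depth 2: keep header lines, drop sub-fields of the start line.
    depth == 2 && parent ~ /^Message (Header|Body)/ { print }
    '
}

# Constructed sample: a shortened copy of frame 14 with indentation restored.
sample_frame() {
    cat <<'EOF'
Frame 14: 553 bytes on wire (4424 bits), 553 bytes captured (4424 bits)
Linux cooked capture
Session Initiation Protocol (200)
    Status-Line: SIP/2.0 200 OK
        Status-Code: 200
        [Request Frame: 11]
    Message Header
        Contact: <sip:14082186500@1.1.1.1:17060>
            Contact URI: sip:14082186500@1.1.1.1:17060
                Contact URI User Part: 14082186500
        CSeq: 44365 BYE
            Sequence Number: 44365
            Method: BYE
        Content-Length: 0
EOF
}

# Real use: tshark -r capture.pcap -O sip | collapse_sip
sample_frame | collapse_sip
```

Unlike the `-T fields` export, this keeps each header exactly as it appeared on the wire and in its original order, which helps when reading a call flow during an investigation.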