2

我正在使用 Wireshark 嗅探网络并检测 VoIP 呼叫。检测到的 VoIP 呼叫可以从 GUI(电话->VoIP 呼叫)中看到。

现在我想从命令行获取这个列表。我搜索了wireshark文档,但找不到执行此操作的命令。

我正在使用类似的命令

tshark -r myFile -R "sip.CSeq.method eq INVITE"

来自本主题: 使用 tshark 过滤 VoIP 呼叫

是否有命令从命令行显示 voip 呼叫列表,还是我必须解析输出并创建自己的列表?您是否建议使用其他任何工具来做到这一点?

任何帮助将不胜感激。

4

1 回答 1

2

I don't know of any way to coax tshark to give you what the Wireshark GUI does. You can do this by post-processing the output from tshark, but it will be a fair amount of work. One approach would be to:

  • Have tshark to display the full details of the SIP packets (e.g., with -v)
  • Pipe this to a process that will extract info from each packet. This process will need to detect packet boundaries, since the input will have multiple lines per packet.
  • This process will need to store selected info from these packets (such as From, To, Start Time, etc.) and correlate this info across packets based on dialog identifiers.
  • The process will need to understand the SIP protocol well enough to determine when calls are confirmed, terminated, etc.

This is certainly doable, but I wanted you to know what you are getting into.

An alternative to a separate process (that I have no experience with) is to write a Wireshark script in Lua, and invoke that via tshark -Xlua_script:my_script.lua (using a version of tshark compiled with Lua support). An example to help you get started can be found here under the example "Dump VoIP calls into separate files" (or similarly here on Google Code). The advantages are:

  • You automatically have access to the parsed SIP message.
  • It is easy to tell where the packet begins and ends.
  • Everything runs in a single process.

For me, the downside is that I would have to learn a new language (not the worst thing in the world).

EDIT: Looks like the SIP dissector in wireshark/tshark can help quite a bit if you use the Lua script approach; for instance, you can inspect sip.response-request on a SIP response to find the packet number of matching request.

于 2014-01-15T14:19:28.913 回答