Parsing a SIP-packet .cap file to reach "INFO" field
I am trying to parse a pack of SIP-frames which are stored in a .cap file. Everything seems to be working smoothly I read correct data but there is a small fault which I cannot overcome.
I need to get to the INFO field of each frame to get the information about number FROM which the number was dialled and also a TO field to know where the call was made to.
I gather data via dcpdump and store them in a .cap file. While reading the file via Wireshark I can see the field so I know that it was captured correctly. But I need to automate that process so I need to omit using WS.
I tried using tshark with known option -e col.Info (also col.info which is obviously incorrect) but I constantly get:
tshark: Some fields aren't valid: col.Info
My tshark version is 2.2.6 so it should be working as I read that it is valid in versions higher than 1.5 or somewhere around it.
I also tried ChaosReader to create a .html file and that also worked nicely still no info field though. Another way I tried was to use pcap2xml as I thought that an XML should contain ALL the data from the frame but that solution also lets me down.
I am running out of ideas so I came here for support and new suggestions.
Also: a way of parsing that data in Python would be also a plus as I want to process this data later using Python. I tried Scapy but I was not able to obtain the data that I need.
Screen of the Wireshark capturing:
The column field from Wireshark can be outputted by tshark using the -o column:format:"Info","%i" format. To output this column in addition to the to (sip.to.addr) and from (sip.from.addr) addresses of each SIP packet, you can run:
$ tshark -r input.pcap -o 'column.format:"Info","%i","From","%Cus:sip.from.addr","To","%Cus:sip.to.addr"' sip
Request: REGISTER sip:sip.cybercity.dk (1 binding) | sip:[email protected] sip:[email protected]
Status: 401 Unauthorized | sip:[email protected] sip:[email protected]
Request: REGISTER sip:sip.cybercity.dk (1 binding) | sip:[email protected] sip:[email protected]
- How do I convert a large XML file to a CSV file?
- Sending data and files as multipart request using aiohttp
- Storing and retreiving data with Milvus and Langchain
- shutil moving only one file instead of many files in a directory
- Find the index of a child in lxml
- How to get the path of a sub folder under root directory of the project
- Pytest Exit Codes
- Dynamically import module from memory in Python 3 using Hooks
- Access the Alexa Shopping and To-Do Lists with Python3 request module
- How to fix no token found error while downloading hugging face?
- How to Expose Python Enum as "Constants" without the Class Name All At Once
- How can I compute monthly payments buy using this formula?
- Why is Tkinter Entry's get function returning nothing?
- pip or pip3 to install packages for Python 3?
- how to round numbers after decimal point in python
- NameError: name 'pydotplus' is not defined
- check type within numpy array
- Adding a timer to giveaway command discord.py
- How do I stream and queue up songs in a discord bot?
- How to add type annotation to asyncio.Task
- Tkinter entry widget input are written backwards
- I cannot import monsoon after installing Monsoon
- Dataframe with FROM and TO column. Unordered, Get correct combinations
- get all possible paths in directed cyclic graph
- Is it possible to run aws s3 sync with boto3?
- Is there a way to define list(obj) method on a user defined class in python?
- how to show relationship data in human readable text in flask-admin page
- dividing aggregate expressions (Count / Count) results to zoro, no matter what
- can't subtract offset-naive and offset-aware datetimes while subtracting date with offset mentioned
- Describing the data points with arc-shaped graph