SIP sip.msg_body showing "1"

With the tshark command:

tshark -r 60f545a5a8e04c899a1d7f894ec34d42.pcap -T fields -e _ws.col.Info -e _ws.col.Time -e sip.from.addr -e sip.to.addr -e sip.msg_body -T json

I get:

    {
        "_index": "packets-2020-04-22",
        "_type": "pcap_file",
        "_score": null,
        "_source": {
            "layers": {
                "_ws.col.Info": ["Status: 200 OK | "],
                "_ws.col.Time": ["42.017112417"],
                "sip.from.addr": ["sip:foo@foo:5060"],
                "sip.to.addr": ["sip:foo@foo:5060"],
                "sip.msg_body": ["1"]
            }
        }
    }

Looking in Wireshark, the sip.msg_body contains some XML I'd like to access.

<?xml version="1.0" encoding="US-ASCII"?>
<msml version="1.1">
    <event name="play.started" id="conf:foo/dialog:annc"/>
</msml>

Does anyone know what I'm doing wrong to get that msg_body?