This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Tool to identify unanswered SIP messages

0

Hi,

I would like to know if any tool (a script or whatever) exists that identifies all the SIP messages, from a pcap file, which were send to a specific IP Address that where not replied.

For example, for SIP protocol, this script would check all the INVITE messages that were not replying back. For this case, the tool will check if any '100 Trying' message was send back for each INVITE message.

This would help when analyzing huge wireshark traces with hundreds of thousands packets.

I could develop my own script but if a similar solution already exists I would use it.

Thank you in advance. BR, Catarina

asked 21 Apr '14, 10:00

Catarina's gravatar image

Catarina
11113
accept rate: 0%


2 Answers:

2

This sounds like (Yet Another) job for MATE. That's a pain to set up and use, but I'd guess you could do something like:

  1. Create PDUs for SIP messages
  2. Create Gops (Groups of Packets) which contain requests + responses
  3. Filter on "mate.[your_gop_name].NumOfPdus == 1"

answered 22 Apr '14, 18:00

JeffMorriss's gravatar image

JeffMorriss ♦
6.2k572
accept rate: 27%

Hi,

Thank you. I didn't know MATE. It's an incredible tool. It helped to solve my problem. Just followed the steps you mentioned above.

Regards.

(24 Apr '14, 02:31) Catarina

Great, you're welcome!

As this is a Q&A site it's useful if you can "accept" an answer by clicking on the checkbox next to it (assuming it answered your question). See the FAQ for details.

(24 Apr '14, 11:41) JeffMorriss ♦

0

I believe the following tool could be interesting for you.

https://code.google.com/p/sipana/

However: This is not just a small scripted solution. So, it's probably only worth trying if you have to analyze a lot of SIP calls day by day.

Regards
Kurt

answered 23 Apr '14, 12:17

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%