-----Original Message----- From: Greg Fausak [mailto:greg@august.net] Sent: Thursday, April 10, 2003 6:26 PM To: serusers@lists.iptel.org Cc: sip@august.net Subject: [Serusers] SIP Scenario Tool
...
The example (real world debug) callflow can be viewed at my development website: http://stage.august.net/sip1_index.html and http://stage.august.net/sip1.html
You use tcpdump (or ethereal, or whatever) to grab the Output, like on linux: tcpdump -s 0 -i eth0 'port 5060' -w /var/log/sip1.dump
Hello!
How do you capture from different networks? Is it possible to input several dump-files into the tool, one captured at the caller site and one captured at the callee site?
regards, Klaus
...
The example (real world debug) callflow can be viewed at my development website: http://stage.august.net/sip1_index.html and http://stage.august.net/sip1.html
You use tcpdump (or ethereal, or whatever) to grab the Output, like on linux: tcpdump -s 0 -i eth0 'port 5060' -w /var/log/sip1.dump
Hello!
How do you capture from different networks? Is it possible to input several dump-files into the tool, one captured at the caller site and one captured at the callee site?
I don't know. I know there are tools for joining tcpdump files, perhaps it is possible.
On our setup we have cisco switches. We 'port monitor' all of the ports we want to gather information about. So, even when they are on different networks we get all of the packets.
---greg
regards, Klaus _______________________________________________ Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Klaus Darilion wrote:
[snip]
Hello!
How do you capture from different networks? Is it possible to input several dump-files into the tool, one captured at the caller site and one captured at the callee site?
regards, Klaus
In theory you can use mergecap (part of ethereal) to merge captures from different networks. In practise this is difficult b/c you are likely missing a common timebase to determine the correct relative ordering.
Locally to sniff on N networks, I put N extra network adaptor cards in my desktop machine and do NOT configure the IP level interface. Using them strictly as monitoring interfaces, this ''multihomed'' machine can sniff all N networks at the same time, solving the time-base problem.
HTH,
Alan Hawrylyshen Jasomi Networks Inc.
-- Got a SIMPLE implementation, come to the 1st SIMPLE interop! (SIMPLEt) http://simplet.jasomi.com/ -- Registration closes April 15, 2003.
Hey Alan,
I'm about to order one of your boxes. I hope it works :-)
---greg
-----Original Message----- From: Alan Hawrylyshen [mailto:alan@jasomi.com] Sent: Thursday, April 10, 2003 12:15 PM To: Klaus Darilion Cc: Greg Fausak; serusers@lists.iptel.org; sip@august.net Subject: Re: [Serusers] SIP Scenario Tool
Klaus Darilion wrote:
[snip]
Hello!
How do you capture from different networks? Is it possible to input several dump-files into the tool, one captured at the
caller site and
one captured at the callee site?
regards, Klaus
In theory you can use mergecap (part of ethereal) to merge captures from different networks. In practise this is difficult b/c you are likely missing a common timebase to determine the correct relative ordering.
Locally to sniff on N networks, I put N extra network adaptor cards in my desktop machine and do NOT configure the IP level interface. Using them strictly as monitoring interfaces, this ''multihomed'' machine can sniff all N networks at the same time, solving the time-base problem.
HTH,
Alan Hawrylyshen Jasomi Networks Inc.
-- Got a SIMPLE implementation, come to the 1st SIMPLE interop! (SIMPLEt) http://simplet.jasomi.com/ -- Registration closes April 15, 2003.
If you use ntp on all the machines you shouldn't have any problem merging the capturefiles.
/ Tomas
On Thu, 10 Apr 2003, Alan Hawrylyshen wrote:
Klaus Darilion wrote:
[snip]
Hello!
How do you capture from different networks? Is it possible to input several dump-files into the tool, one captured at the caller site and one captured at the callee site?
regards, Klaus
In theory you can use mergecap (part of ethereal) to merge captures from different networks. In practise this is difficult b/c you are likely missing a common timebase to determine the correct relative ordering.
Locally to sniff on N networks, I put N extra network adaptor cards in my desktop machine and do NOT configure the IP level interface. Using them strictly as monitoring interfaces, this ''multihomed'' machine can sniff all N networks at the same time, solving the time-base problem.
HTH,
Alan Hawrylyshen Jasomi Networks Inc.
-- Got a SIMPLE implementation, come to the 1st SIMPLE interop! (SIMPLEt) http://simplet.jasomi.com/ -- Registration closes April 15, 2003.
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-
Alan Hawrylyshen -
Greg Fausak -
Klaus Darilion -
Tomas Björklund