I am analyzing VoIP calls on my network
For now, I am using the generated .pcap file, but later I will listen to it in real time.
I use tshark and I can quite easily filter some important data from .pcap (for example, "IP address and source port", "Destination IP address and port", payload loss pckt, Max Delta (ms), Max. Jitter (ms), average jitter (ms)) with
tshark -r myfile -q -z rtp, streams
What I want to know is: how can I get a breath of call adrols? (client and server)
I can get some sip addrs (client only) by filtering all sip INVITE as follows:
tshark -r myFile -R "sip.Request-Line contains INVITE"
But I can not get the server address.
To clarify a bit, my idea was to get this “statistics” in tshark, for example, wirehark gives me when I get access to “Telephony> VoIP Calls” (same as tshark -r myfile -q -z rtp , streamsreturns me statistics, like wirehark Telephony> RTP> Show all streams), is there any way to do this? If not with "statistics" (-z), how can I create a filter (-R) to do something like this from the "VoIPCall" wirehark function
I use tshark, because I want to work with this data, and not just analyze it on the screen
thanks