Consider SIP callflow #139

Open
rafapcarvalho opened this issue Aug 13, 2022 · 7 comments

@rafapcarvalho

rafapcarvalho commented Aug 13, 2022

Is your feature request related to a problem? Please describe.

It's not a problem

Describe the solution you'd like

Would it be possible to add a callflow for traffic analysis in SIP?
Something like callflow, (example view) would be very interesting for analyzing SIP traffic. With termshark I can analyze a lot without having to download the pcap to my personal computer. However, in some cases it is important to see the callflow to complement the analysis. In this case I cannot leave the file on the server, being forced to download the pcap.

Describe alternatives you've considered

Something like callflow, (example view) would be very interesting for analyzing SIP traffic.

Additional context

Wireshark example:

image

image

@gcla
Owner

gcla commented Aug 27, 2022

hi @rafapcarvalho - I'll investigate!

@rakotomandimby

SIP callflow can be viewed with another already existing tool: sngrep

@rafapcarvalho
Author

@rakotomandimby In this case, the proposal would be not to go to another tool. Something similar to what termshark gives us, since now I no longer need to download the file from a server to my personal machine to analyze a trace.

@rakotomandimby

I really think we should leverage the use of existing. I work in the callcenter field and sngrep does a really good job. May I suggest you try it, take a look at the codebase used to achieve that and you might conclude it is not worth it to start another work from scratch. I am not saying rewriting will result in the same amount of code.

@rafapcarvalho
Author

ok! thanks.

@gcla
Owner

gcla commented Sep 20, 2022

Hi @rakotomandimby and @rafapcarvalho - I didn't know about sngrep - I tried it out and it's very nice! I agree with your opinion that it would be better to use it directly. Maybe termshark could loosely integrate with it. Something like

  • if sngrep is available (e.g. PATH), then present a termshark menu option to do SIP analysis, and make it clear it's using sngrep
  • if invoked, pass the pcap to sngrep behind the scenes by launching it as a child process, and hand the terminal over to sngrep until the user terminates sngrep

Do you think that would provide extra value? I don't think it would be a lot of work on the termshark side of things.

(The termshark log viewer works similarly - it just launches a gowid terminal widget within termshark and opens the log file with the user's pager)
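
The loose integration proposed in the comment above, as an added example that is not part of the thread or of termshark's code: resolve sngrep on PATH, then run it on the pcap as a child process with the terminal attached and no shell in between. The function names `findAnalyzer` and `buildCommand` are hypothetical; `-I` is sngrep's option for reading a pcap file.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"path/filepath"
)

// findAnalyzer (hypothetical helper) resolves the tool on PATH once, so the
// menu entry can be hidden when it is missing and the resolved path is reused.
func findAnalyzer(name string) (string, bool) {
	p, err := exec.LookPath(name) // Go 1.19+ rejects a match in the current directory
	return p, err == nil
}

// buildCommand (hypothetical helper) prepares "sngrep -I <pcap>" as an argv
// list. The pcap path is made absolute so a file named like "-x.pcap" cannot
// be parsed as an option, and only regular files are accepted.
func buildCommand(bin, pcap string) (*exec.Cmd, error) {
	abs, err := filepath.Abs(pcap)
	if err != nil {
		return nil, err
	}
	if info, err := os.Stat(abs); err != nil {
		return nil, err
	} else if !info.Mode().IsRegular() {
		return nil, fmt.Errorf("not a regular file: %s", abs)
	}
	cmd := exec.Command(bin, "-I", abs)
	// The child owns the terminal until the user quits it.
	cmd.Stdin, cmd.Stdout, cmd.Stderr = os.Stdin, os.Stdout, os.Stderr
	return cmd, nil
}

func main() {
	bin, ok := findAnalyzer("sngrep")
	if !ok || len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: sipflow <pcap> (needs sngrep on PATH)")
		os.Exit(1)
	}
	cmd, err := buildCommand(bin, os.Args[1])
	if err == nil {
		err = cmd.Run()
	}
	if err != nil {
		fmt.Fprintln(os.Stderr, "sip analysis:", err)
		os.Exit(1)
	}
}
```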

@rafapcarvalho
Author

@gcla In my opinion, it provides extra value.

rafapcarvalho reopened this Nov 22, 2023