Skip to content
/ sipdump Public

SIP capturing to file on the wire for specific use-cases

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ssherar/sipdump

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
.github/workflows
.github/workflows
 
 
bin
bin
 
 
cmd
cmd
 
 
pkg
pkg
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

SIPDump

Based of the idea of pcapsipdump that has been abondoned in many different states for over 6 years, we've decided to rekindle the idea underneath and port it to golang, as pcapsipdump does a couple of things well

  • Capturing RTP/RTPEvent/R38 packets inside the same pcap
  • Capturing SIP packets and dumping them to a dedicated file
  • Number and method grep for what packets to capture
  • Running for days/weeks without falling over

While there is are other tools out there (such as SipGrep and sngrep), they don't work out a clean and simple way of dumping SIP/RTP into individual pcaps for later analysis.

Usage

$ sipdump --help
sipdump is a SIP capture tool that breaks up SIP calls into individual pcap files

Usage:
  sipdump [flags]

Flags:
      --calltable-clear-interval uint32   How often to clear the calltable in seconds (default 300)
      --calltable-timeout uint32          How long to keep a call in the calltable in seconds if there is no logged writes (default 1900)
  -d, --directory string                  Base directory to store pcap files (default "/tmp")
  -f, --filename-template string          Template for pcap filenames using golang Template strings. More info can be found in the README (default "{{.DateFormatted}}_{{.TimeFormatted}}_{{.From.Number}}_{{.To.Number}}_{{.CallID}}.pcap")
  -h, --help                              help for sipdump
  -i, --interface string                  Device to capture on
  -n, --number string                     Number to be searched for in the from/to (regex friendly)
  -p, --promisc                           Promiscuous mode (default true)
  -s, --snaplen int32                     Snaplen (default 1600)

Filename Template Values

Value Description
.DateFormatted Date formatted as YYYYMMDD
.TimeFormatted Time formatted as HHMMSS
.From.Number Number of the caller
.From.User User of the caller
.From.Host Host of the caller
.From.Tag Tag of the caller
.To.Number Number of the callee
.To.Host Host of the callee
.To.Tag Tag of the callee
.CallID CallID of the call
.Datetime The direct time.Time object of the start of the call

Todo list

  • Implement logrus to track sip CallIDs properly
  • Regex number matching both on to and froms
  • Capture RTP streams and save them to the pcap file
  • Capture RTCP streams and sav ethem to the pcap file
  • Dump to JSON (or have some JSON processing ability?)
  • Make it ERSPAN friendly?
  • Implement EEP protocol
  • Implement github actions to build and release binaries
  • Create an API for adding captures on the fly
  • Escrow up to s3 when completed
  • Implement github actions to build and release binaries

Author

License

TBC

About

SIP capturing to file on the wire for specific use-cases

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

v0.1.0 Latest
Aug 25, 2023

Packages

No packages published

Languages