I am using the tshark protocol filter because I need to parse the contents of SIP packets.
tshark -r df32c2248fe646a6793ce9a63b124b34@0.0.0.0.pcap -O sip
I get:
Frame 14: 553 bytes on wire (4424 bits), 553 bytes captured (4424 bits)
Linux cooked capture
Internet Protocol Version 4, Src: 4.4.4.4 (4.4.4.4), Dst: 3.3.3.3 (3.3.3.3)
User Datagram Protocol, Src Port: 5060 (5060), Dst Port: 5060 (5060)
Session Initiation Protocol (200)
Status-Line: SIP/2.0 200 OK
Status-Code: 200
[Resent Packet: False]
[Request Frame: 11]
[Response Time (ms): 115]
[Release Time (ms): 115]
Message Header
Via: SIP/2.0/UDP 2.2.2.2:5060;received=3.3.3.3;branch=z9hG4bK18f6609d-1c76-4a8b-a96b-2cf7d8036d36_6772d868_3067109296759172
Transport: UDP
Sent-by Address: 2.2.2.2
Sent-by port: 5060
Received: 3.3.3.3
Branch: z9hG4bK18f6609d-1c76-4a8b-a96b-2cf7d8036d36_6772d868_3067109296759172
Contact: <sip:14082186500@1.1.1.1:17060>
Contact URI: sip:14082186500@1.1.1.1:17060
Contact URI User Part: 14082186500
Contact URI Host Part: 1.1.1.1
Contact URI Host Port: 17060
To: <sip:14082186500@spicyramen.ippbx.com;user=phone>;tag=83174026
SIP to address: sip:14082186500@spicyramen.ippbx.com;user=phone
SIP to address User Part: 14082186500
SIP to address Host Part: spicyramen.ippbx.com
SIP To URI parameter: user=phone
SIP to tag: 83174026
From: <sip:anonymous@sip.ie1.sipprovider.com>;tag=87638703_6772d868_18f6609d-1c76-4a8b-a96b-2cf7d8036d36
SIP from address: sip:anonymous@sip.ie1.sipprovider.com
SIP from address User Part: anonymous
SIP from address Host Part: sip.ie1.sipprovider.com
SIP from tag: 87638703_6772d868_18f6609d-1c76-4a8b-a96b-2cf7d8036d36
Call-ID: df32c2248fe646a6793ce9a63b124b34@0.0.0.0
CSeq: 44365 BYE
Sequence Number: 44365
Method: BYE
User-Agent: 3CXPhoneSystem 14.0.44198.522 (44097)
Content-Length: 0
As you can see, the output is not collapsed. I would like to see something like this:
Frame 14: 553 bytes on wire (4424 bits), 553 bytes captured (4424 bits)
Linux cooked capture
Internet Protocol Version 4, Src: 4.4.4.4 (4.4.4.4), Dst: 3.3.3.3 (3.3.3.3)
User Datagram Protocol, Src Port: 5060 (5060), Dst Port: 5060 (5060)
Session Initiation Protocol (200)
Status-Line: SIP/2.0 200 OK
Message Header
Via: SIP/2.0/UDP 2.2.2.2:5060;received=3.3.3.3;branch=z9hG4bK18f6609d-1c76-4a8b-a96b-2cf7d8036d36_6772d868_3067109296759172
Contact: <sip:14082186500@1.1.1.1:17060>
To: <sip:14082186500@spicyramen.ippbx.com;user=phone>;tag=83174026
From: <sip:anonymous@sip.ie1.sipprovider.com>;tag=87638703_6772d868_18f6609d-1c76-4a8b-a96b-2cf7d8036d36
Call-ID: df32c2248fe646a6793ce9a63b124b34@0.0.0.0
CSeq: 44365 BYE
User-Agent: 3CXPhoneSystem 14.0.44198.522 (44097)
Content-Length: 0
Answer 0: (score: 2)
Wireshark
You can use Wireshark to do this job
Apply the display filter:
sip
Go to the Packet Details pane
Expand "Session Initiation Protocol"
Expand Request-Line, Message Header and Message Body* (without expanding the subtrees)
Go to File - Export - Export Packet Dissections... - as "Plain Text" file...
Packet Format section: select "Packet summary line" and "Packet details: As displayed"
Add a file name and save the file
*Note
I used the sample file: aaa.pcap
Message Body: see packet 223
TShark
You can use -T fields and add all the fields you need
For example:
tshark -r aaa.pcap -Y sip -E header=y -E separator="?" -T fields -e frame.number -e sip.Request-Line -e sip.r-uri -e sip.Via -e sip.From -e sip.To -e sip.Call-ID -e sip.Contact -e sip.Expires -e sip.CSeq -e sip.User-Agent -e sip.Content-Length > aaa.csv
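An added example, not part of the original question or answer: a post-filter for the `tshark -O sip` text output from the question that keeps the summary lines and the SIP header lines and drops the expanded subtrees. It assumes tshark indents each subtree level by 4 spaces; `collapse_sip` and `sample_sip_dump` are names made up here, and the sample input is constructed from the output shown in the question.

```shell
# Collapse `tshark -O sip` text output to one line per SIP header.
# Assumption: tshark indents each subtree level by 4 spaces.
collapse_sip() {
    awk '
    {
        body = $0
        sub(/^ +/, "", body)                        # line without leading spaces
        depth = int((length($0) - length(body)) / 4)
    }
    depth == 0 { parent = ""; print; next }         # frame / protocol summary lines
    depth == 1 { parent = body; print; next }       # Status-Line, Message Header, ...
    depth == 2 && parent ~ /^Message Header/ { print }   # header lines, no subtrees
    '
}

# Constructed sample, shaped like the output in the question (shortened).
sample_sip_dump() {
    cat <<'EOF'
Frame 14: 553 bytes on wire (4424 bits), 553 bytes captured (4424 bits)
Session Initiation Protocol (200)
    Status-Line: SIP/2.0 200 OK
        Status-Code: 200
        [Resent Packet: False]
    Message Header
        Contact: <sip:14082186500@1.1.1.1:17060>
            Contact URI: sip:14082186500@1.1.1.1:17060
                Contact URI User Part: 14082186500
        CSeq: 44365 BYE
            Sequence Number: 44365
            Method: BYE
        Content-Length: 0
EOF
}

# Real use: tshark -r capture.pcap -O sip | collapse_sip
sample_sip_dump | collapse_sip
```

Children of Status-Line or Request-Line (such as Status-Code) are dropped, which matches the collapsed output the question asks for.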