When processing of SIP header in AbstractMessageHeader::decodeHeader, the processing of each line (including the first line) splits across ':' which breaks when processing SIP with sip URI. Is this changed in later version?
Just started using jNetPCAP, and I have to say, I am very impressed so far. However, I've just discovered that checking for SIP messages with a TCP transport is not very reliable.
Having found the thread discussing problems with TCP SIP traffic previously, I've checked out the svn branch-1.3.1, rebuilt, and installed the resulting new jnetpcap.so file on my Ubuntu machine. Unfortunately, it does not appear to fix the problem of the SIP over TCP detection issue. It does capture a few more TCP/SIP packets, but does not capture them all. By the way - the target system is a RedHat 5 system, and the same issue happens there - I am just developing on Ubuntu.
You mentioned that if you had a capture file, you could resolve this issue. I am trying to get authorisation to send one over to you at the moment.
I am new to using pcap and tools associated with it. I have huge traces (in TB) which I have to analyze. I am only interested in the packet header (viz absolute timestamp, sending and receiving MAC, sending and receiving IP and transport protocol ports. All other information are not required. Is there a way that I can extract these information from a pcap file to a tab seperated text file? or any other format wher I can post process it is also ok.
Initially I tried exporting the pcap file to text and then used shell tools to extract the data. but it proved hugely expensive in storage and in computing power.
Will jnetpcap fit my needs? please let me know.
Any suggestion or starting point would be greatly helpful.
THanks in advance
You can work with a captured, read or created packet as a java
Packet object. The
Packet class provides much information about the state of the packet and information that is contained within it. There are several types of packet implementations available:
Packetclass. A generic packet type that all packet types represent.
JMemoryPacketclass. A packet that was not captured but created.
TemplatePacketclass. A special type of packet that can be used, but not necessarily have to, as a template for creating
PcapPacketclass. A pcap type packet that was captured through libpcap or WinPcap libraries.
NapatechPacketclass. A Napatech type of packet that was captured through Napatech library and hardware capture cards.
Packet baseclass provides the common API for accessing contents of a packet. There is the general