Hi James,
pcapsipdump does not yet support SIP over TCP.
Below is the condition in the capture main loop.
header_ip=(iphdr *)((char*)pkt_data+offset_to_ip);
if (header_ip->protocol==17){//IPPROTO_UDP=17
regards,
A.B
+1 for this! Would be great to be able to use SIP TCP
Very basic tcp support, i.e. some dirty hack that omits syn/syn+ack and only works if SIP messages always start a new segment and every segment is smaller than MSS - should be very easy to implement - 5-10 lines of code, maybe.
Proper tcp support with segment reassembly, reordering handling, etc. is a bit more daunting.
Last edit: Aex Aey 2016-12-05
I'm happy to perform any testing with the code to ensure it works correctly.
For really crude TCP support, check out [r128]. Known problems:
1. SYN, empty ACK, FIN, RST and keepalive packets are omitted;
2. when SIP (+SDP) are long enough to be split into multiple segments, only the first segment is recorded;
3. if ip/port allocation lines of SDP happen to be beyond the first TCP segment, RTP defined in that SDP is omitted.
Related
Commit: [r128]
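Known problems 2 and 3 above both come from treating each TCP segment as one SIP message. As an added example (not pcapsipdump's code and not part of the thread), the sketch below frames SIP messages on a per-flow byte buffer using the Content-Length header, so SDP that arrives in a later segment is still seen. The names sip_stream, sip_msg_len and sip_stream_feed are hypothetical, and it assumes payloads are fed in order with no retransmissions or reordering.

```c
#include <string.h>
#include <strings.h>

struct sip_stream { char buf[8192]; size_t used; };  /* one per TCP flow direction */

/* Parse a decimal header value bounded by end; -1 if absent or implausibly large. */
static long hdr_num(const char *p, const char *end)
{
    long v = 0; int digits = 0;
    while (p < end && (*p == ' ' || *p == '\t')) p++;
    for (; p < end && *p >= '0' && *p <= '9' && v < 65536; p++, digits++)
        v = v * 10 + (*p - '0');
    return (digits && v < 65536) ? v : -1;
}

/* Length of the first complete SIP message in buf; 0 = need more data, -1 = cannot frame. */
static long sip_msg_len(const char *buf, size_t len)
{
    size_t i, hdr_end = 0; long body = -1;
    for (i = 0; i + 4 <= len && !hdr_end; i++)      /* headers end at CRLF CRLF */
        if (memcmp(buf + i, "\r\n\r\n", 4) == 0) hdr_end = i + 4;
    if (!hdr_end) return 0;
    for (i = 2; i < hdr_end; i++) {                 /* i = first byte of a header line */
        if (buf[i - 2] != '\r' || buf[i - 1] != '\n') continue;
        if (hdr_end - i > 15 && !strncasecmp(buf + i, "Content-Length:", 15))
            body = hdr_num(buf + i + 15, buf + hdr_end);
        else if (hdr_end - i > 2 && !strncasecmp(buf + i, "l:", 2))  /* compact form */
            body = hdr_num(buf + i + 2, buf + hdr_end);
    }
    if (body < 0) return -1;                        /* no usable Content-Length */
    return hdr_end + (size_t)body <= len ? (long)hdr_end + body : 0;
}

/* Append one in-order TCP payload; returns messages framed, -1 on overflow or bad framing. */
int sip_stream_feed(struct sip_stream *s, const char *seg, size_t n)
{
    int done = 0; long m;
    if (n > sizeof s->buf - s->used) { s->used = 0; return -1; }
    memcpy(s->buf + s->used, seg, n);
    s->used += n;
    while ((m = sip_msg_len(s->buf, s->used)) > 0) {  /* a capture tool would parse SDP here */
        memmove(s->buf, s->buf + m, s->used - (size_t)m);
        s->used -= (size_t)m;
        done++;
    }
    if (m < 0) { s->used = 0; return -1; }          /* drop the buffer and resync */
    return done;
}
```

A return of 0 means the message is still incomplete and the bytes are held until the next payload for that flow arrives.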
We are finding that in case #2 large TCP packets (e.g. INVITE w/ SDP + AUTH) are not included in the capture file at all. Both segments are dropped.
Actually we are able to see the first segment by turning off TCP reassembly:
For the benefit of others:
Right click on Transmission Control Protocol > Protocol Preferences > turn off Allow Subdissectors to Reassemble
TCP support appears to be broken in r143 and forward. Only the first INVITE packet is captured. It works in r142. Thanks!
Should be fixed in [r146], thanks for reporting!
Related
Commit: [r146]
Indeed, it works. Thanks for the speedy fix!