Re: [reSIProcate] Passive SIP Traffic Analyzer
I have actually started on a different path:
- Derived a class from UdpTransport, to get access to its
protected processRxParse method. There's a socket created that I
don't need, but I'll deal with that later.
- Captured the packets externally and fed them into an instance
of the class above.
- Altered the created SipMessages so that the requests are
marked as coming from the TU - this is key, since all packets
are marked as external.
- Passed the created SipMessages into TransactionState::process,
and as far as I can tell, its state machine transitions the
states correctly.
For my purposes, I don't really need a TU, but just a way to get
notified when sessions are detected (e.g. TransactionState::mState
== Completed) and teared down. The state itself is private, so any
ideas how to go about this?
Thanks,
Mihai
On 2019-11-28 23:55, Scott Godin wrote:
If you need transaction or dialog level data that
is a good idea and might work nicely. :)
So basically just the dissector is easily reusable, with
no conversation/participants support, right?
What if there would be an interface added to decouple the
sockets API, so that the SIP replies could go through a dump
stub?
Thanks,
-Mihai
On 2019-11-19 17:24, Scott Godin wrote:
Not really. Homer support (
https://sipcapture.org/ )
was added, but that still doesn't allow you to listen
passively to SIP traffic. You could definitely build a
passive listener outside of resiprocate, then just use
the resip SIP message parsing routines to parse and
analyze the SIP message contents. This would be
essentially by passing the resip transports, transaction
state machine and DUM layers.
Scott
Hi,
Scott Godin wrote back in 2011:
resip
is great choice for a SIP message parser,
however there will be a reasonable
amount of work required to separate
things in order to try and reuse the resip
transaction, dialog and dum callback engine
in a passive way (ie. without generating any
responses).
Has this changed over the years, making such an
endeavor easier?
Thanks,
Mihai
_______________________________________________
resiprocate-devel mailing list
resiprocate-devel@xxxxxxxxxxxxxxx
https://list.resiprocate.org/mailman/listinfo/resiprocate-devel