Wireshark-users: Re: [Wireshark-users] Saving session in plain text
From: "Hans Nilsson" <hasse_gg@xxxxxxxx>
Date: Sun, 12 Nov 2006 14:52:28 -1100
Right click on the "Session Initiation Protocol" part of the packet and
select "Expand Subtrees" Then select Export->Packet-Details->As
displayed only. If there's too much information just collapse the part
of the packet you're not interested in. This give output that's pretty
similar to what you want if you play around with it some.


On Sun, 12 Nov 2006 22:12:15 +0000, "nnp" <version5@xxxxxxxxx> said:
> I have tried that but I cant see any combination of the options
> presented to get the output in the format I indicated. Also I only
> want the SIP part of the communication and the export function seems
> to always include the headers from other layers as well.
> 
> Do you know of any way to get it to format the output in such a way?
> 
> Thanks,
> nnp
> 
> On 11/12/06, Hans Nilsson <hasse_gg@xxxxxxxx> wrote:
> > Maybe the export-function?
> >
> > On Sun, 12 Nov 2006 19:07:07 +0000, "nnp" <version5@xxxxxxxxx> said:
> > > Hi,
> > > I have a captured SIP session that I wish to replay using a python
> > > script of mine. I require the saved packed dump to be in the form
> > >
> > > REGISTER sip:127.0.0.1 SIP/2.0
> > > Via: SIP/2.0/UDP 127.0.0.1:5066;rport;branch=z9hG4bKecjlzkte
> > > Max-Forwards: 70
> > > To: "Bleh <101>" <sip:101@127.0.0.1>
> > > From: "Blah <101>" <sip:101@127.0.0.1>;tag=gaerh
> > > Call-ID: dchafnkgbzxaavm@127.0.0.1
> > > CSeq: 396 REGISTER
> > > Contact: <sip:101@127.0.0.1:5066>;expires=3600
> > > Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, PRACK, REFER, NOTIFY, SUBSCRIBE
> > > User-Agent: Bleh/0.4.2
> > > Content-Length: 0
> > >
> > > e.g plain text
> > >
> > > I was wondering how I would go about getting ethereal to save the
> > > session in this format. I could probably strip the libpcap headers
> > > from each packet after I saved it but i'd prefer if there was an
> > > easier way.
> > >
> > > Thanks,
> > > nnp
> > >
> > > --
> > > http://silenthack.co.uk
> > > _______________________________________________
> > > Wireshark-users mailing list
> > > Wireshark-users@xxxxxxxxxxxxx
> > > http://www.wireshark.org/mailman/listinfo/wireshark-users
> > --
> >   Hans Nilsson
> >   hasse_gg@xxxxxxxx
> >
> > --
> > http://www.fastmail.fm - Access your email from home and the web
> >
> > _______________________________________________
> > Wireshark-users mailing list
> > Wireshark-users@xxxxxxxxxxxxx
> > http://www.wireshark.org/mailman/listinfo/wireshark-users
> >
> 
> 
> -- 
> http://silenthack.co.uk
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
-- 
  Hans Nilsson
  hasse_gg@xxxxxxxx

-- 
http://www.fastmail.fm - A fast, anti-spam email service.