forked from irontec/sngrep
===============================================================================
=== sngrep - Ncurses ngrep interface for SIP ===
=== Copyright (C) 2013 Irontec S.L ===
===============================================================================
-------------------------------------------------------------------------------
--- DISCLAIMER ----------------------------------------------------------------
-------------------------------------------------------------------------------
--- sngrep is a small development done in a couple of days. It has not been
--- properly coded. It has not been properly tested. It should not even reach
--- the alpha stage, but can be handy somehow in strange cases.
---
--- If you use this piece of code and find a bug or have a comment, write them
--- to
--- kaian@irontec.com
---
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
--- WHAT IS SNGREP?
-------------------------------------------------------------------------------
--- This 'tool' aims to make my workmates' task easier when using ngrep
--- on heavily loaded production systems. When a lot of SIP messages are
--- flowing across your screen, it is useful to have a tool that orders them
--- and prints them in a tidy way.
---
--- This can also be used as a PCAP file viewer, although it will only show
--- SIP packets.
---
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
--- FEATURES
-------------------------------------------------------------------------------
--- There are two ways of using sngrep:
---
--- Offline mode:
--- Just pass a PCAP file as a parameter; it will read all UDP SIP packets
--- and parse them into different dialogs, showing their call flows when
--- possible.
---
--- Online mode:
--- You can use sngrep with the same parameters as ngrep.
--- It will spawn an ngrep process, passing the given parameters, and parse
--- its output.
--- Some parameters will make ngrep's output differ from what sngrep
--- expects, making it fail. Yes, it sucks.
---
--- sngrep will try to group parsed messages into dialogs based on the Call-ID
--- header of SIP messages.
---
--- If you want to relate different dialogs (extended callflow), a header
--- must be present in one of the dialogs referencing the other one.
--- This header can be X-CID or X-Call-ID and must contain the Call-ID of the
--- other related dialog.
---
-------------------------------------------------------------------------------
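The grouping described above, as an added example that is not sngrep's own code: messages are collected into dialogs by Call-ID, and a dialog carrying X-CID or X-Call-ID is recorded as related to the dialog it names. The sample messages are constructed, and matching header names case-insensitively and accepting the compact `i:` form of Call-ID (RFC 3261) are assumptions of this example, not behaviour the README states.

```python
import re
from collections import defaultdict

# Constructed sample: three SIP messages in two dialogs; leg B references leg A.
SAMPLE = [
    "INVITE sip:200@example.test SIP/2.0\r\n"
    "Call-ID: leg-a@10.0.0.1\r\nCSeq: 1 INVITE\r\n\r\n",
    "SIP/2.0 200 OK\r\n"
    "i: leg-a@10.0.0.1\r\nCSeq: 1 INVITE\r\n\r\n",
    "INVITE sip:200@10.0.0.9 SIP/2.0\r\n"
    "call-id: leg-b@10.0.0.2\r\nX-CID: leg-a@10.0.0.1\r\nCSeq: 1 INVITE\r\n\r\n",
]


def parse_headers(msg):
    """Return (start_line, {lowercased header name: value}) for one message."""
    head = msg.split("\r\n\r\n", 1)[0]          # drop the body, if any
    head = re.sub(r"\r\n[ \t]+", " ", head)     # unfold continuation lines
    lines = head.split("\r\n")
    hdrs = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:                                  # skip lines without a colon
            hdrs.setdefault(name.strip().lower(), value.strip())
    return lines[0], hdrs


def group_dialogs(messages):
    """Group start lines by Call-ID; map each dialog to the one it references."""
    dialogs = defaultdict(list)
    related = {}
    for msg in messages:
        start, hdrs = parse_headers(msg)
        call_id = hdrs.get("call-id") or hdrs.get("i")   # "i" = compact form
        if not call_id:
            continue                             # cannot be placed in a dialog
        dialogs[call_id].append(start)
        ref = hdrs.get("x-cid") or hdrs.get("x-call-id")
        if ref and ref != call_id:
            related[call_id] = ref
    return dict(dialogs), related


if __name__ == "__main__":
    dialogs, related = group_dialogs(SAMPLE)
    for call_id, flow in dialogs.items():
        print(call_id, "->", flow, "| related to:", related.get(call_id))
```

A referenced Call-ID that was never captured stays in `related` without an entry in `dialogs`, so check for it before following the link.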
-------------------------------------------------------------------------------
--- FREQUENTLY ASKED QUESTIONS
-------------------------------------------------------------------------------
--- Q: Why a new tool for network filtering?
--- A: Don't know. I didn't find any console tool that would display call
--- flows, not even in text mode.
---
--- Q: Why don't you filter packets in online mode instead of using ngrep?
--- A: Because I don't have the required time to code all that right now.
---
--- Q: Why only parsing SIP Messages?
--- A: Because it's useful for us.
---
--- Q: I have found a bug, what should I do?
--- A: There are LOTS of bugs. The strange thing would be if you hadn't found
--- one. Just open an issue on GitHub and I will try to fix it.
---
--- Q: I think the idea is better than the tool.
--- A: I think that too. If you want to start a new tool with the same purpose
--- send me an email, I'll want to contribute.
---
-------------------------------------------------------------------------------