Match expression on all message is possible ??

irontec / sngrep

Ncurses SIP Messages flow viewer

GNU General Public License v3.0

1.02k stars 187 forks source link

Closed gilles0606 closed 2 years ago

gilles0606 commented 2 years ago

hello,

i do :

sngrep -I 100.pcap265 -c "cause=1"

in the pcap there are calls with in BYE "Reason: q.850;cause=1" but sngrep can't find them

the match expression is only for the INVITE content ?

how to match on all messages ? or on BYE message ?

Thanks

Kaian commented 2 years ago

Hi @gilles0606

Command line expression is only matched against initial dialog message to determine if the whole dialog must be filtered.

I you want to match on any dialog message, use Payload filtering available in filters screen (press 'F') in call list window.

Regards!

gilles0606 commented 2 years ago

Cool. Work fine... two small sub-questions

1) is it possible to pass a Payload filtering in command line ?
like sngrep -I 100.pcap265 -c -payload_filetring "cause=1;"

2) Is it possible in command line to convert a pcap to sip text ? an equivalent to save all dialogs to .txt

THANKS THANKS THANKS

Kaian commented 2 years ago

Hi!

Nope. Sadly those settings can only be set on configuration files, not command line. You can use a one use custom file...

echo set filter.payload "cause=1;" > /tmp/config
sngrep  -I 100.pcap265 -f /tmp/config

From command line you can only write pcap files. Other tools like ngrep can generate text from packets content.
```
ngrep -pqt -Wbyline -I 100.pcap265
```

Regards

gilles0606 commented 2 years ago

THANKS