Re: [Ethereal-dev] Voip Calls analysis and Graph analysis

[Lars Roland <lars.roland@xxxxxxx>]

Hello Alejandro,

nice work, here are my comments:
a) Patches for dissectors are OK except for q.931: you have to handle 
the case, where dissect_q931_IEs() is not called by dissect_931_pdu. 
I'll check in a fixed version.

b) Are patches for mtp3 dissector missing?

c) There is a problem with the GUI part: the window for the voip_calls 
doesn't get updated. Instead you create a new window with updated values 
manually.
Thus the tap doesn't work when called via -z option from the command 
line and it probably doesn't work when you update the packet list in 
"real time" while capturing.
A solution would be to register a draw function for each tap listener. 
The functions for updating the window have to be redone for this.

d) As a comment in voip_calls.c sais, IPv6 isn't supported. I can 
provide a SIP over IPv6 capture, if you like to implement support.

I'll check in the patches for the dissectors. I've reformatted some 
lines and replaced a strcpy() with a more secure g_strlcpy(). The 
patches shouln't break anything and will even improve current h323 taps. 
I'll also check in the sources for the tap (also slightly modified), but 
without changes to the makefiles, so they won't be compiled by default.

Regards,
Lars

Lars Roland schrieb:
> Hi Alejandro,
>
> looks very promising.
> it will take sometime to review the huge patch, but I'd like to get it 
> into ethereal soon. I don't know how long it will take to get through it 
> in my spare time.  I will concentrate on the h323 and sip part. I hope 
> others have some time to have a closer look at the GUI part, too.

> Do you have some capture files, you could provide? e.g. a call with a 
> sip and an h323 leg, or h323 gatekeeper routed call with more than one 
> gatekeeper involved.
>
> Regards,
> Lars
>
> Alejandro Vaquero schrieb:
>
> > Hi All,
> >    Attached is the new "Voip call analysis" patch file and a screen 
> > shot of a SIP to H323 interop call. It is based on Francisco Alcoba 
> > source, and added support of H323, RTP and a Graph analysis. The Graph 
> > interface can also be used in other no Voip analysis.
> >     Here are the features:
> > - Collect ISUP, SIP and H323 calls from a capture and show them in 
> > window with the following info:
> >       - Start and Stop time of the call
> >       - Initial Speaker: the IP source address of the first message 
> > that started the call
> >       - From and To: In H323 and ISUP, it is the calling and called 
> > number. In SIP the From and To fields.
> >       - Protocol: H323, SIP and ISUP (from now)
> >       - State: the sate of the call
> >       - Comments: For H323, it shows if the call is a FastSatrt call 
> > and if Tunneling H245 is enable or not.
> > - Prepare a filter of a particular call when selected.
> > - Select one or multiple calls to "graph analysis"
> >    And the "Graph Analysis" has:
> > - Graph up to ten columns or "nodes". Each "node" it is defined as an 
> > IP address.
> > - Shows the direction of the message using arrows
> > - Display a "frame" label on top of the arrow, and a "comment" at the 
> > right of each packet.
> > - For  SIP and H323 the  "frame" label also shows the Codec used.
> > - The "comment" column will show different info based on the packet. 
> > For Setup and INVITE messages, it shows the calling/called number and 
> > From/To fields. For Release H323 messages, the Q931 release cause. For 
> > H225 messages, if tunneling is enable or not, and if FastStart is 
> > present in the packet.
> > - RTP streams involved in the call. It is displayed as a wider arrow. 
> > The "frame" label also shows the Codec for the stream and the 
> > "comment" shows the number of RTP packets in this stream, the 
> > duration, and ssrc.
> > - When "click" on a frame in the graph, the selected frame number will 
> > be selected in the Main windows.
> > - The graph also shows the time, and the UPD/TCP ports per frame.
> >
> >    I have tested it in a Windows machine using GTK 1 and 2. There is 
> > not support for ISUP calls in the Graph yet (don't have such captures).
> >
> >    Comments and changes are very welcome.
> >
> > Regards
> > Alejandro
>
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev