[erlang-questions] Re: extract and parsing megaco message from pcap file

Anders Nygren anders.nygren@REDACTED
Thu Apr 7 14:56:18 CEST 2011


Hi
There are two Erlang projects on GitHub that work with pcap.

Michael Santos' epcap https://github.com/msantos/epcap
and my pran https://github.com/nygge/pran
Neither currently supports megaco, but at least pran is
made to make it easy to add new protocols.

Pran reads pcap files and decodes the records. Currently
it handles ethernet, IP, TCP, UDP, SIP, SDP, MTP2, MTP3,
SCCP, TCAP, MAP

It has a VERY simple filter function that allows for quick search
in pcap files.
Wireshark is normally an excellent tool but searching is very slow.
One reason I started pran was that we had a lot of pcap files,
10 MB only covered 10 minutes, we needed to search.
With wireshark it took > 30 s to open a file and >30s to filter. (I
don't remember the exact times but it was somewhere 30-60 s
for each step)
With pran it takes much less than 1 s.

So take a look and let me know if you need any help.

/Anders


On Thu, Apr 7, 2011 at 6:47 AM, Zsolt Czinkos <czinkos@REDACTED> wrote:
> Hello
>
> Has anyone ever done something similar to this?
>
> I'd like to process pcap files containing megaco messages (among
> others). I'd like to filter and extract and parse megaco messages from
> this file and produce some human readable format.
>
>
> Best,
>
> Zsolt
>
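A sketch of the extraction step asked about in this thread, as an added example that is not code from pran, epcap or either poster. It assumes a classic little-endian pcap file with Ethernet link type, Megaco text encoding over UDP port 2944, and the OTP megaco application's text encoders; the module name `megaco_pcap` and the sample capture are constructed for illustration.

```erlang
-module(megaco_pcap).
-export([messages/1, extract/1, sample/0]).
-define(PORT, 2944). % assumption: Megaco text on its default UDP port
%% Decode every Megaco text message in a classic pcap file.
messages(File) ->
    {ok, Bin} = file:read_file(File),
    [{Ts, decode(P)} || {Ts, P} <- extract(Bin)].
%% Global header: LE magic, 16 bytes skipped, linktype 1 (Ethernet); else [].
extract(<<16#a1b2c3d4:32/little, _:16/binary, 1:32/little, Recs/binary>>) ->
    records(Recs, []);
extract(_) -> [].

%% The captured length in each 16-byte record header bounds the frame, so a
%% truncated or corrupt tail ends the walk instead of crashing the parser.
records(<<Sec:32/little, _:32, Incl:32/little, _:32, Frame:Incl/binary,
          Rest/binary>>, Acc) ->
    case udp_payload(Frame) of
        {ok, Payload} -> records(Rest, [{Sec, Payload} | Acc]);
        skip -> records(Rest, Acc)
    end;
records(_, Acc) -> lists:reverse(Acc).

%% Ethernet II -> IPv4 (fragment offset 0, protocol 17) -> UDP on ?PORT.
udp_payload(<<_:12/binary, 16#0800:16, 4:4, IHL:4, _:5/binary, _:3, 0:13,
              _:8, 17:8, _:10/binary, Tail/binary>>) when IHL >= 5 ->
    Opts = (IHL - 5) * 4,
    case Tail of
        <<_:Opts/binary, S:16, D:16, Len:16, _:16, Data/binary>>
          when (S =:= ?PORT orelse D =:= ?PORT), Len >= 8, byte_size(Data) >= Len - 8 ->
            {ok, binary:part(Data, 0, Len - 8)};
        _ -> skip
    end;
udp_payload(_) -> skip.

%% Text Megaco begins with "MEGACO/" (pretty) or "!/" (compact).
decode(<<"MEGACO/", _/binary>> = B) ->
    megaco_pretty_text_encoder:decode_message([], dynamic, B);
decode(<<"!/", _/binary>> = B) ->
    megaco_compact_text_encoder:decode_message([], dynamic, B);
decode(B) -> {not_megaco_text, B}.

%% Constructed one-packet capture for trying extract/1 without a file.
sample() ->
    M = <<"MEGACO/1 [192.0.2.1]:2944 Transaction=1{Context=-{ServiceChange=ROOT{Services{Method=Restart,Reason=\"901 Cold Boot\"}}}}">>,
    Ip = <<16#45, 0, (byte_size(M) + 28):16, 0:32, 64, 17, 0:16, 192,0,2,1, 192,0,2,2>>,
    Frame = <<0:96, 16#0800:16, Ip/binary, ?PORT:16, ?PORT:16, (byte_size(M) + 8):16, 0:16, M/binary>>,
    N = byte_size(Frame),
    <<16#a1b2c3d4:32/little, 2:16/little, 4:16/little, 0:64, 65535:32/little,
      1:32/little, 1302180978:32/little, 0:32, N:32/little, N:32/little, Frame/binary>>.
```

`megaco_pcap:extract(megaco_pcap:sample())` returns a one-element list holding the record timestamp and the raw Megaco text; `messages/1` does the same for a file on disk and passes each payload to the OTP decoder.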


