Wireshark-users: Re: [Wireshark-users] [tcpdump-workers] Help on Ethernet Size

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 6 Mar 2007 18:31:46 -0800

On Mar 6, 2007, at 6:28 PM, ARAMBULO, Norman R. wrote:

Thanks for the enlightenment that helps a lot... Another thing how can I parse a voip call (h323 family, SIP, IAX etc.) Is wireshark capable of doing it.

Yes.

Can somebody send me a source code for parsing voip call in C language.

	http://www.wireshark.org/download/src/wireshark-0.99.5.tar.gz

:-)

Even if you strip out everything except the link-layer, IP, TCP, and SCTP dissectors, and the protocols running atop them in VoIP calls, and all the facilities in the Wireshark core that aren't needed to support those dissectors, that's a *lot* of code. Dissecting packets isn't something you can do with a quick little bit of C code.

Now, if by "parsing" you meant "constructing and sending, and receiving and processing" - i.e., you want to implement VoIP - there are other free-software projects for that (Asterix, for example). However, for those, see the previous paragraph; that's still a *lot* of code.