ONE-OFF script to split SIP messages captured via wireshark, and group the messages by call-id.

wireshark_SIP.py

import re 
import collections 
from collections import defaultdict
from collections import namedtuple 


fileName='all-packet.txt' 
fileNameOut = fileName+"out.txt" 

file = open(fileName)
all_packet = file.read()
file.close()

frame_matcher = re.compile(r"Frame \d+")

all_packet_list = frame_matcher.split(all_packet)


packets_by_callid = defaultdict(list)

callid_matcher = re.compile(r'Call-ID.*:(.*)',re.IGNORECASE )
Frame = namedtuple('Frame',['frame_no', 'callid','frame_content'])

for i, packet in enumerate(all_packet_list):
    matched  = callid_matcher.search(packet)
    if matched: 
        callid=matched.groups()[0]
        frame=Frame(frame_no=i,callid=callid,frame_content=packet)
        packets_by_callid[callid].append(frame)  

def frame_contain_request(frame, text):
    
    request=re.compile('Request-Line.*:.*{}'.format(text),re.IGNORECASE)
    matched = request.search(frame.frame_content)
    if matched:
        return True 
    return False         
     

def frame_list_contain(frame_list, text):
    return sum([frame_contain_request(frame,text) for frame in frame_list]) 
        

out_file = open(fileNameOut,'w')        
count = 0 
for k,v in packets_by_callid.items(): 
    if not frame_list_contain(v,'CANCEL'):
        continue 
    
    if not frame_list_contain(v,'INVITE') :
        continue
    
    count +=1     
    out_file.write("call begining {0}\n".format(count))
    out_file.write("Call ID: {0} \n".format(k))    
    for frame in v:
        out_file.write("Frame {0} \n".format(frame.frame_no))
        for line in frame.frame_content:
            out_file.write(line) 
        
    out_file.write("call ending\n" )
out_file.close()