
Filtering VoIP calls with tshark

I'm analyzing VoIP calls on my network.

For now I'm using a generated .pcap file, but later I'll be listening for this in real time.

I'm using tshark, and I can filter some important data pretty easily from the .pcap (like "source IP address and port", "destination IP addr and port", payload pckt lost, Max Delta (ms), Max Jitter (ms), Mean Jitter (ms)) with

tshark -r myfile -q -z rtp,streams

What I want to know is: how can I get the SIP addrs of a call? (client and server)

I can retrieve some SIP addrs (only client) by filtering all SIP INVITEs like this:

tshark -r myFile -R "sip.Request-Line contains INVITE"

But I can't get the address of the server.

To clarify a bit, my idea was to get this "statistic" in tshark, like Wireshark gives me when I access "Telephony>VoIP Calls" (the same way that tshark -r myfile -q -z rtp,streams returns statistics just like Wireshark's Telephony>RTP>Show All Streams). Is there a way to do this? If not with "statistics" (-z), how can I create a filter (-R) to do something similar to the "VoIPCall" function of Wireshark?

I'm using tshark as I want to work with this data, and not just analyze it on my screen.

Thanks

Fred asked May 15 '12 18:05


1 Answer

Try:

tshark -r myFile -R "sip.CSeq.method eq INVITE"

That will filter for the request sent from the client and the corresponding reply from the server.

user1591613 answered Oct 12 '22 07:10
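To turn the filter from the answer above into a per-call summary of client and server, similar in spirit to Wireshark's VoIP Calls view, the matched packets can be exported as fields and grouped by Call-ID. This is an added example, not part of the original answer; it assumes a current tshark (display filter given with -Y instead of -R) and the field order shown in the comment, and the sample rows are constructed.

```python
# Input: rows from tshark's field output, e.g. (tshark 1.10+ takes the display
# filter with -Y; the 2012-era commands on this page use -R):
#   tshark -r myFile -Y "sip.CSeq.method eq INVITE" -T fields -E separator=/t \
#     -e sip.Call-ID -e ip.src -e ip.dst -e sip.Method -e sip.Status-Code \
#     -e sip.from.addr -e sip.to.addr
import csv
import io

# Constructed sample rows (documentation addresses), not from a real capture.
_A = "\tsip:alice@example.com\tsip:bob@example.org\n"
_C = "\tsip:carol@example.com\tsip:dave@example.org\n"
SAMPLE = (
    "a84b4c76\t192.0.2.10\t198.51.100.5\tINVITE\t" + _A
    + "a84b4c76\t198.51.100.5\t192.0.2.10\t\t100" + _A
    + "a84b4c76\t198.51.100.5\t192.0.2.10\t\t180" + _A
    + "a84b4c76\t198.51.100.5\t192.0.2.10\t\t200" + _A
    + "garbled\t192.0.2.99\n"  # truncated row, must be ignored
    + "77f1c9d2\t192.0.2.11\t198.51.100.5\tINVITE\t" + _C
    + "77f1c9d2\t198.51.100.5\t192.0.2.11\t\t486" + _C
)


def summarize_calls(tsv_text):
    """Group INVITE requests and their responses by Call-ID, one record per call."""
    calls = {}
    reader = csv.reader(io.StringIO(tsv_text), delimiter="\t", quoting=csv.QUOTE_NONE)
    for row in reader:
        if len(row) != 7:
            continue  # skip malformed or truncated rows
        call_id, src, dst, method, status, from_addr, to_addr = row
        call = calls.setdefault(call_id, {
            "client_ip": None, "server_ip": None,
            "from": from_addr, "to": to_addr, "final_status": None,
        })
        if method == "INVITE" and call["client_ip"] is None:
            # The first INVITE of a call travels from the client to the server.
            call["client_ip"], call["server_ip"] = src, dst
        elif status.isdigit() and int(status) >= 200:
            # 1xx is provisional; keep the latest final (2xx-6xx) response.
            call["final_status"] = int(status)
    return calls


if __name__ == "__main__":
    for cid, c in summarize_calls(SAMPLE).items():
        print(cid, c["from"], "->", c["to"], c["client_ip"], c["server_ip"], c["final_status"])
```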