Latest release notes of the VoIP Analyzer Tool

v23.09.16.00

Optimize SharkEdit: Anonymize any field in any Wireshark pcap file based on the well known Wireshark display filters
- also called “flexible anonymize” in the GUI
Optimize SharkExport/filter any field in any Wireshark pcap file based on the well known Wireshark display filters.
- Export on HTML format and in Excel CSV format
- also called “flexible filter” in the GUI
Support LinkLayers.Ppp
text2pcap: add syslog remark when limit of 1000 packets is reached
text2pcap: better detection of date/time for unknown vendors
Bug fixing

v23.06.10.00

NEW: SharkEdit: Anonymize any field in any Wireshark pcap file based on the well known Wireshark display filters
- also called “flexible anonymize” in the GUI
NEW: Export/filter any field in any Wireshark pcap file based on the well known Wireshark display filters.
- Export on HTML format and in Excel CSV format
- also called “flexible filter” in the GUI
Add live suggestion in GUI of any Wireshark display filter for anonymize or export/filter
Bug fixing

v23.06.10.00

NEW: SharkEdit: Anonymize any field in any Wireshark pcap file based on the well known Wireshark display filters
- also called “flexible anonymize” in the GUI
NEW: Export/filter any field in any Wireshark pcap file based on the well known Wireshark display filters.
- Export on HTML format and in Excel CSV format
- also called “flexible filter” in the GUI
Add live suggestion in GUI of any Wireshark display filter for anonymize or export/filter
Bug fixing

v23.04.21.00

Bugfixing

v23.04.21.00

Bugfixing

v22.12.02.00

SIP
- Siplog2Pcap: conversion from a SIP log to a pcap now supported for following SIP vendors:
  - 3CX
  - Alcatel
  - Anveo
  - Asterisk
  - AudioCodes Syslog
  - AudioCodes SIP ladder diagram files
  - Avaya
  - BroadWorks XS logs (BroadSoft)
  - Cisco or CUCM Sip Logs
  - Enovation UMO (UMO SIP Alarm devices)
  - Genesys
  - Lync
  - Mediatrix Syslog
  - Microsoft Teams -> see AudioCodes syslog
  - Mitel
  - OneAccess (Ekinops)
  - OpenScape Business (Atos/Unify)
  - OpenScape 4000 STMI SIP logs (Atos/Unify)
  - OpenScape Voice RTT traces (Atos/Unify)
  - RingCentral
  - Twilio
  - Yealink
- Other SIP vendors can be supported on simple demand.

- SipLog2Pcap: OpenScape voice RTT trace: optimize handling of SIP-Q message body
- Show also SIP CANCEL after SIP RE-INVITE as incomplete SIP dialog
- Show SIP Source IP and SIP Destination IP as summary in SIP Ladder diagram pop-ups
- SIP Call duration is zero when there is no SIP BYE message

Anonymize
- anonymize the HTTP protocol
- anonymize the SSDP protocol
- anonymize the FTP protocol (USER and PASS only)
- anonymize also SIPS (Secure SIP)
- Text2Pcap
- Text2Pcap: make detection of start of a new hex packet more defensive
- Text2Pcap: support Cisco ASR 5000 / Cisco ASR 5500 hexdump file format (RawIP)
- Text2Pcap: support Fortinet hex dumps
- Text2Pcap: support "Cisco monitor capture" format
- Text2Pcap: support Juniper Netscreen Snoop format hex dumps

Other
- Support CSTA III during pcap analysis: Show CSTA III messages in generated HTML page
- optimize readability of the XML protocol in a SIP message body in the SIP ladder diagrams
- support IP fragmentation for IP in a GRE tunnel (Generic Routing Encapsulation)
- Optimize SEO
- support TZSP encapsulation: TaZmen Sniffer Protocol
- Generate wave files also for SRTP
- Optimize RTCP logging
- support of 802.3br packets

v22.06.01.00

SIP
- optimize creation of short SIP headers when there is a ";" sign in the SIP header display part
RTP
- RTP comfort noice not correct indicated for SRTP in RTP HTML table
Anonymize
- anonymize FTP password
- anonymize HTTP GET string
- always anonymize SIP TEL URI (also when they are not RFC conform formatted)
- keep original IP addreses during anonymize when there are pre-defined documentation IP addresses (RFC5737)
Automatic update
- check version.txt and version.html at startup
- detect download of update failure. Make timeout shorter.
- optimize handling if HTTPS request to check latest version is blocked
GPRS Tunneling Protocol (GTP)
- optimize detection and unpacking of of GPRS Tunneling Protocol (GTP) when there are optional GTP parameters
Other
- show license request sting in the logging at startup when there is no license
- adjust executable names for linux (all lower case now)
- default path to c:\voipanalyzer in Windows install program

v22.05.16.00

SIP
- anonymize RFC7315 private SIP headers
- support RFC3262 RAck SIP header for ABNF check
- SIP request line sometimes too long in the SVG diagram
AudioCodes
- Major performance optimalisation for AudioCodes SipLog2Pcap conversion
- optimize AudioCodes SID filtered files
- Detect CallID2 for Audiocodes sipLog2PCap. Show in HTML tables CallID2
- Support multipart body for SipLog2Pcap (e.g. QISG, SIP-Q, ...) (e.g. for OpenScape Voice - OpenScape 4000 - OpenScape Business)
RTP
- anonymize RTP payload while volume is still detectable
- detect ambiguous RTP sender timestamp
MGCP
- defensive reading of MGCP messages. allow <br> and \n
updater
- add automatic online updater
ZIP
- minor correction for unzipping with gzip
SipLog2Pcap
- add CONVERSIONS button in GUI
General
- optimize TCP reassemble when reassembled packet is larger than 64kB
- Add counter in HTML tables simular as in CSV files

v22.03.14.00

SipLog2Pcap
- add CONVERSIONS button in GUI
- SipLog2Pcap: convert SIP logs to Wireshark pcap files.
- SIP log conversions supported from following vendors:
  - ▪ Anveo
    ▪ Asterisk
    ▪ AudioCodes Syslog
    ▪ AudioCodes SIP ladder diagram files
    ▪ Broadsoft
    ▪ Genesys
    ▪ Lync
    ▪ Mediatrix Syslog
    ▪ Mitel
    ▪ OneAccess (Ekinops)
    ▪ OpenScape Business (Atos/Unify)
    ▪ OpenScape 4000 STMI SIP logs (Atos/Unify)
    ▪ OpenScape Voice RTT traces (Atos/Unify)
    ▪ Twilio
AudioCodes
- convert AudioCodes syslog files to an audit with a filtered AudioCodes syslog file for each unique SIP call [SID=xxx:xxx:xxx]
  o Add unique AudioCodes Log as table entry in all the HTML pages after audit
  o Support Audit of AudioCodes Debug Recording (ACDR) capture inclusive AudioCodes logs (SIP + RTP + RTCP)
  o Convert AudioCodes debug recording capture to a normal Wireshark capture during the Merge functionality (SIP + RTP + RTCP)
- Hex2Pcap: convert Wireshark HEX files to Wireshark pcap files
  - Tunneled QSIG in SIP message body
  o more exact processing of tunneled QSIG in SIP (or SIP-Q): process as HEX
  o detect false hits on \r in multipart/mixed body
  o Support "Content-Disposition:" as body header for multipart/mixed
- Still show the tool GUI when the license is expired
- Optimize handling of captures on the Null/loopback device
- add VoIPAnalyzerUpdater: check at startup if online any update is available
- Use "frame.number==" in loggings (not WP== anymore)
- Correct gzip issue during merge on Linux
Anonymize
- o also anonymize optional parameters in the SIP FROM header
  o support anonymize of IGMP multicast packets
  o do not process DHCP packets during anonymize
RTP
- o Show Max RTP delay, max RTP Jitter and Max RTP Skew in RTP HTML table
  o correct influence between RTP and DTMF on RTP statistics

v22.02.14.00

correct influence between RTP and DTMF on RTP statistics
detect IPv6 For Raw captures
add extra hints in syslog for anonymize
anonymize ICE candidates in SDP
SipLog2Pcap: paste DateTime also when year is not available (e.g. for AudioCodes syslog)
support AVPF and SAVPF in SDP
clean addition struct memory at the end of an audit/anonymize/merge
make anonymized DNS names iso mapped IP addresses
use more natural filename after anonymize (xxx_ANON)
correct rewriting of SDP length after anonymize
optimize TCP re-assembly mechanism
optimize cleanup of leftovers after TCP assembly
give warning when zip fle is opened
correct processing of abbreviated headers
TCP reassembly rework + hexdump in hex2pcap format
gzip for pcapng
cleanup/optimize IP fragmentation
SipLog2Pcap generates incorrect "application/csta+xml" body
optimize handling of pcapng capture with both ethernet packets as also sll packets
Only last RTP codec is shown in the HTML RTP overview
Update logging for abbreviated SIP headers
Support the SIP NEGOTIATE method
optimize logging of sip.Call-ID=="xxx"
Update SipLog2Pcap help file
SipLog2Pcap: support Mitel Sip log conversion to pcap
SipLog2Pcap: add Mitel and OpenScape Voice RTT log conversion to pcap
Correct PCAP with wrong TCP flags (e.g. push flag)
solve progress bar > 100% issue
Support detection of IEEE802.3br preemption
Add proprietary X-RTP-Stat headers
LinkLayerType as short
update on IEEE 802.3br detection
Add proprietar Siemens SIP headers
Add proprietar ThigSbc SIP "X-" headers
SipLog2Pcap: add vendor OneAccess for SIP log conversion to pcap
SipLog2Pcap: also detect abbreviated content-type SIP header "c:"
Read QSIG in body as bytes, not as chars
SipLog2Pcap code optimalisation: make separate classes
support ^M
SipLog2Pcap: detect splitted SIP headers and combine them
Add also "SIP Reason header" in HTML table for Register, Options etc
Show SIP 403 Forbidden in the HTML ERROR tables
SipLog2Pcap: detect SDP splitted on 2 lines for AudioCodes syslog logs.
SipLog2Pcap: optimize splitted SIP messages
SipLog2Pcap: support SIP messages on one line with numerous \n
SipLog2Pcap: only search for \n if also SIP/2.0 can be found in the string
add icons to Web projects and put header on index page
SVG corrupted for "var protmessage0" when \r leftover occurs
first detection SIP Common Log Format (CLF)
error in cleanup tcp stream
siplog2pcap html corrections (header)
web: correct clear page for Firefox + make buttons
Show errors/warnings when SIP RFC errors occur

v21.12.27.00

Support "RAck" SIP header (RFC3262)
support IP fragmentation with duplicate packets
adjust handling of fragmented packets
Adjust default OpenScape SBC ports from 50000-50019 to 50000-50039
check maximum framesize of 64K after IP or TCP assembly
do not use duplicate RTP packets for wave files
cleanup at the end of IP fragments and TCP segments
hex2pcap for online tool on website https://hex2pcap.voipanalyzertool.com/
hex2pcap: detect de-chunked data and skip it
allow a tab character for Hex2Pcap splitting
allow maximal merged filesize of 4 Gb
optimize link layer detection
detect RTP packets when they use well known SIP ports
allow any SIP response code in the range 100-699
add remark in HTML when RTP delay is highter than 60ms
check if the 5 mandatory SIP headers are available during audit
prevent false hits on RTP and RTCP after SIP BYE
SipLog2Pcap for online tool on website https://siplog2pcap.voipanalyzertool.com/
online web tool: make specific page for wrong cases (e.g. wrong input)
Wireshark OSPF packet not always correct parsed
support radius and diagram protocol (not in GUI yet)
adjust parsing of MGCP request line
adjust parsing of CSeq SIP header
do not allow SVG drawing with negative x position
add help file for relevant commands for tshark to text
culture dependency for DateTime
use minimal HTML table height when table is empty
show short names for wave files in HTML tables
Add SIP reason header in generated HTML tables
optimize splitting of long strings (e.g. SIP From/To/CallID) in HTML tables

v21.10.02.00

now supported as Date format: day/month/year or month/day/year or year/month/day
Support RawIP for Hex to Pcap conversions
also anonymize SRTP
give warning for zero duration parameter for DTMF via RFC2833/RFC4733
use only destination IP and destination port for RTCP filenames
check if SDP content length value header is consistent with SDP body length
minor correction for new SDP content length after anonymize
major performance optimalisation during writing of syslog entries from Pcap to syslog text files
correction regarding detection of multiple SIP messages in one single Wireshark packet
support P-RTP-Stat header for RTP statistics
ignore X-Siemens-RTP-Stats: stats not available

v21.09.16.00

major performance optimalisation during audit
- finetune anonymize of MGCP messages
- minor updates in help files
- create new CHM help file
- minor bug fixes

v21.05.12.00

New code signing certificate
Detect ZRTP magic cookie in RTP header
SIP port range extended to 5060-5080 and 5090
Time processing : Local or UTC (also in GUI)
Merge folder selection instead of one file selection in the merge folder
MGCP csv file
Support nested 802.1Q
Useragent text added to message flow diagrams

v21.03.31.00

support of the MGCP protocol
Handling SVG message graphs more generic (also for MGCP)
Correction on script error popup for .chm help file
Correction with multiple linktypes in pcapng
Filter column buttons in HTML tables
issue solving

v21.02.22.00

support Raw IP header
use colors in RTP HTML pages to highlight issues with packet drop, jitter, skew etc
support abbreviated SIP headers
use always TTL value 64 after anonymize to hide network topology
support detection of GRE tunnel will NULL encryption
add “clear logging window” button in GUI
TCP segmentation finetuning
Detect SIP BYE immediate after SIP RE-INVITE (incomplete SIP dialog)
Make ethernet address anonymous during anonymize
Add dropzone on website
Added free online demo on our https://www.voipanalyzertool.com website
Optimize performance

v20.11.14.00

performance optimalisation during merge action
update of online help files
update of offline CHM help files
update tool icon
bug fixes

v20.10.27.00

support merging of Ethernet packets + Linux SLL packets at the same time to one wireshark capture

v20.10.26.00

support the Wireshark snoop format
use UTC time for Wireshark captures
make also RTP stats in CSV format
also anonymize data TCP packets with data length zero (e.g. TCP SYN)
support VoIPAnalyzer tool on Linux
support VoIPAnalyzer tool on macOS
bugfixes

v20.10.04.00

Support of PCAPNG (pcap next generation) Wireshark format
Add also a split button next to the merge button
Improved performance in some area’s
Add progressbar in GUI
bugfixes

v20.07.13.00

Initial version released for any 64 bit Windows Operating system