pran is a low-level tool to search .pcap files which contain telecom signalling packets. It is mainly useful inside an Erlang program.
pran's approach to searching is: First, find all packets which match the given binary search pattern. Second, decode the packets which were found. This makes pran very fast in the important case of large .pcap files and a binary search pattern which only matches a small number of the packets in the file.
48> {ok,FD}=pran:open_file("mtp2.pcap", "").
{ok,<0.152.0>}
49> pran:read(FD).
[#frame{seq_no = 1,
timestamp = {1234,378,932000},
incl_payload_len = 5,orig_payload_len = 5,truncated = false,
payload_bin = <<141,184,0,241,193>>},
{mtp2,{fisu}}]
50> pran:read(FD).
[#frame{seq_no = 2,
timestamp = {1234,379,764000},
incl_payload_len = 36,orig_payload_len = 36,
truncated = false,
payload_bin = <<141,185,31,133,2,64,0,0,0,0,1,0,33,0,10,
2,2,8,6,1,16,...>>},
{mtp2,#mtp2_msu{bsn = 13,bib = 1,fsn = 57,fib = 1,
sio = undefined,sif = undefined}},
{mtp3,#mtp3_msu{ni = 2,prio = 0,si = isup,opc = 1,dpc = 2,
sls = 0}},
{isup,<<0,0,1,0,33,0,10,2,2,8,6,1,16,18,82,85,33,10,6,7,
1,17,19,...>>}]
51> pran:close(FD).
ok
GSM MAP SS7 TCAP SS7 SCCP SS7 MTP3 SS7 MTP2
SIP SDP
TCP UDP IP Ethernet
Install Erlang, then run 'make' in the top level.