First, install tcpdump if it is not already installed:
yum install tcpdump
Here are some practical examples of commands we use.
#VIEW ALL SIP TRAFFIC IN REAL TIME
tcpdump -nqt -s 0 -A port 5060
#LOOKING FOR A STRING
tcpdump -l -nqt -s 0 -A port 5060 | grep "User-Agent:"
#BY IP AND PORT
tcpdump -nqt -s 0 -A host xx.xx.xx.xx and port 5060
#WATCH SIP ACTIVITY IN REAL TIME FROM SRC IP DESTINATION PORT
tcpdump -nqt -s 0 -A "src host xx.xx.xx.xx and dst port 5060"
#VIEW ASTERISK RTP TRAFFIC (VOICE)
tcpdump -nqt portrange 10000-20000
#TO SAVE SIP ACTIVITY TO A FILE
tcpdump -n -s 0 port 5060 -vvv -w /tmp/capture_file_name
#TO SAVE SIP AND RTP ACTIVITY TO A FILE
tcpdump -n -s 0 port 5060 or udp portrange 10000-20000 -vvv -w /tmp/capture_file_name
Saved files can be opened and analyzed with Wireshark, a free network analyzer.
https://www.wireshark.org
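
The "looking for a string" command above prints the matching User-Agent lines but not which host sent them. The following added example (not part of the original page) reads the same tcpdump -A text output and counts each User-Agent value per source IP. The function names, sample addresses and agent strings are constructed for illustration, and it assumes the -nqt options used above.

```shell
#!/bin/sh
# Added example: count SIP User-Agent values per source IP.
# Input: text output of `tcpdump -l -nqt -s 0 -A port 5060` on stdin.
sip_ua_by_source() {
    awk '
        # Packet summary line printed by -nqt (the -t matters: no timestamp),
        # e.g. "IP 198.51.100.7.5071 > 192.0.2.10.5060: UDP, length 380"
        ($1 == "IP" || $1 == "IP6") && $3 == ">" {
            src = $2
            sub(/\.[0-9]+$/, "", src)      # drop the trailing ".port"
            next
        }
        # SIP header names are case-insensitive
        (tolower($0) ~ /^user-agent[ \t]*:/) && (src != "") {
            ua = $0
            sub(/^[^:]*:[ \t]*/, "", ua)   # keep only the header value
            sub(/\r$/, "", ua)
            seen[src "\t" ua]++
        }
        END { for (k in seen) printf "%d\t%s\n", seen[k], k }
    ' | LC_ALL=C sort -t "$(printf '\t')" -k1,1nr -k2,2
}

# Constructed sample of tcpdump -A output (documentation addresses, made-up agents)
sample_capture() {
    cat <<'EOF'
IP 198.51.100.7.5071 > 192.0.2.10.5060: UDP, length 380
E..|....@.......REGISTER sip:192.0.2.10 SIP/2.0
Via: SIP/2.0/UDP 198.51.100.7:5071;branch=z9hG4bK-1
User-Agent: example-scanner
Content-Length: 0
IP 192.0.2.10.5060 > 198.51.100.7.5071: UDP, length 300
E..|....@.......SIP/2.0 401 Unauthorized
Server: ExamplePBX
IP 198.51.100.7.5071 > 192.0.2.10.5060: UDP, length 381
E..|....@.......REGISTER sip:192.0.2.10 SIP/2.0
user-agent: example-scanner
IP 203.0.113.20.5060 > 192.0.2.10.5060: UDP, length 410
E..|....@.......OPTIONS sip:192.0.2.10 SIP/2.0
User-Agent: ExamplePhone 1.2
EOF
}

# Output columns: count, source IP, User-Agent (tab-separated, busiest first)
sample_capture | sip_ua_by_source
```

On a live system, pipe the real-time command into the function (tcpdump -l -nqt -s 0 -A port 5060 | sip_ua_by_source) and stop the capture with Ctrl-C to get the summary.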