search

irontec / sngrep

Ncurses SIP Messages flow viewer
GNU General Public License v3.0
1.02k stars 187 forks source link

tcpdump command corresponding to "sngrep - c" #453

Closed hzxgo closed 1 year ago

hzxgo commented 1 year ago

Sngrep doesn't seem to support running in the background, so I would like to know the tcpdump command corresponding to "sngrep - c"

Kaian commented 1 year ago

There is no such command for tcpdump, because it will require to analyze SIP payload to filter INVITES We use tcpdump for capture with something like (captures packets in 5060 and ip fragments)

tcpdump -Z root -i any -s0 -B 524288 -n -w new-capture-file.pcap port 5060 or \( ip[6:2] \& 0x1fff \) != 0

You can also add your RTP ports range for audio

tcpdump -Z root -i any -s0 -B 524288 -n -w new-capture-file.pcap port 5060 or portrange 13000-30000 or \( ip[6:2] \& 0x1fff \) != 0

And if you want to auto-rotate when file reaches a given size (10 files of 1 Gb), you can also add

tcpdump -Z root -i any -s0 -B 524288 -n -w new-capture-file.pcap -C 1000 -W 10 port 5060 or portrange 13000-30000 or \( ip[6:2] \& 0x1fff \) != 0

Hope it helps,

Regards