search

sipcapture / sipgrep

SIPGREP: Display and Troubleshoot SIP signaling over IP networks in console
http://www.sipcapture.org
GNU General Public License v3.0
165 stars 46 forks source link

Why is the traffic high? #41

Closed daxiondi closed 3 years ago

daxiondi commented 3 years ago

Using sipgrep to send homer traffic, the export bandwidth will suddenly increase. What is causing this? Is there any way to avoid it?

image

lmangani commented 3 years ago

An HEP client should only send what it receives - so something is on the wire - could you confirm you're not being scanned or something? If this is the case, You should see what happened in the protocol statistics quite clearly.

Side note: sipgrep is not an agent designed for perpetual mirroring and rather for casual console usage. I would suggest using a proper agent designed for the job, such as heplify or captagent to confirm if this happens there too.

daxiondi commented 3 years ago

I use sngrep, there is no such situation, confirm that it has not been scanned

lmangani commented 3 years ago

@daxiondi I can tell you use sngrep, the question is why sipgrep instead of a dedicated agent? Is this a "one-off" type of capture or permanently running?

daxiondi commented 3 years ago

I hope it will run permanently, and I can view the history of SIP signaling on homer

lmangani commented 3 years ago

@daxiondi please switch to heplify if you are running a perpetual sniffer.

daxiondi commented 3 years ago

I will try and tell you to use the report

daxiondi commented 3 years ago

It's been used for some time. Duplicate is really easy to use and stable. Thank you