[asterisk-users] OT: Capture Asterisk traffic

Gordon Henderson gordon+asterisk at drogon.net
Wed May 2 02:45:42 MST 2007


On Wed, 2 May 2007, CSB wrote:

>> 
>> Well, the first thing I notice is that your first tcpdump example is
>> listening on eth0, and the second is listening on eth1.
>> 
>> What happens when you do
>> 
>> tcpdump -i eth1 -s 0 -w /tmp/tcpdump.1
>> 
>> Do you see the RTP traffic then?
>> 
> Thanks
>
> That was a typo. Should have read:
> The following works:
> tcpdump -i eth1 -s 0 -w /tmp/tcpdump.1
>
> But I want to be a bit more selective:
> tcpdump -C 100 -W 10 -w /tmp/tcpdump -i eth1 -s 0 udp and dst port >= 5060
>
> This doesn't capture the RTP traffic. Could anyone advise what I'm doing 
> wrong or suggest a better way?

It would seem that there are various versions of tcpdump/pcap... My system 
would seem to want to use something like:

   tcpdump ... udp portrange 5060-65535

according to the manual, but it doesn't work.

If the port ranging really isn't working for you, then what I'd probably 
be inclined to do is actually do it the other way round and reject ports 
you aren't interested in, so:

   tcpdump ... udp and not port 53 and not port 123

53 is DNS and 123 is NTP. There aren't usually any other UDP services 
running on your typical Linux box, but if there are, you can quickly 
filter them out. (eg. add in a reject of 4569 for IAX2)

Gordon
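As an added illustration (not part of the thread, and not Asterisk or tcpdump code), the following Python script reads a small pcap file that it constructs itself and applies the two filter strategies discussed above: a destination-port comparison (what the original `dst port >= 5060` was trying to say; in BPF that comparison has to be written against the header bytes, as `udp[2:2] >= 5060`, or with `portrange` on a libpcap that supports it) and the inverse approach of keeping all UDP except the known services (53, 123, and 4569 for IAX2). The MAC/IP addresses, the RTP port 10002 and the packet payloads are constructed sample values, not taken from the poster's system.

```python
"""Added example: apply tcpdump-style UDP port filters to a constructed pcap.

'udp[2:2]' in BPF means the two bytes at offset 2 of the UDP header, i.e. the
destination port; 'udp[0:2]' is the source port. The functions below mirror
those predicates in Python so the effect of each filter can be checked offline.
"""
import struct


def build_udp_packet(src_port, dst_port, payload=b""):
    """Build an Ethernet/IPv4/UDP frame with constructed addresses (checksums left 0)."""
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", src_port, dst_port, udp_len, 0) + payload
    # IPv4: ver/IHL, TOS, total len, id, flags/frag, TTL, proto 17 (UDP), csum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])) + udp
    return eth + ip


def build_pcap(packets):
    """Wrap frames in a little-endian pcap file (link type 1 = Ethernet)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    records = b"".join(struct.pack("<IIII", 0, 0, len(p), len(p)) + p for p in packets)
    return header + records


def iter_pcap(data):
    """Yield each captured frame from pcap bytes (little-endian magic only)."""
    magic, = struct.unpack("<I", data[:4])
    if magic != 0xA1B2C3D4:
        raise ValueError("unsupported pcap magic")
    offset = 24
    while offset + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack("<IIII", data[offset:offset + 16])
        offset += 16
        yield data[offset:offset + incl_len]
        offset += incl_len


def udp_ports(frame):
    """Return (src_port, dst_port) for an IPv4/UDP frame, else None."""
    if len(frame) < 14 or frame[12:14] != b"\x08\x00":  # EtherType IPv4
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 17:  # not UDP
        return None
    udp = ip[ihl:]
    return struct.unpack("!HH", udp[:4])  # udp[0:2], udp[2:2] in BPF terms


def filter_dst_port_ge(data, min_port=5060):
    """Equivalent of: tcpdump 'udp[2:2] >= 5060' (or 'udp dst portrange 5060-65535')."""
    matched = []
    for frame in iter_pcap(data):
        ports = udp_ports(frame)
        if ports and ports[1] >= min_port:
            matched.append(ports)
    return matched


def filter_udp_excluding(data, excluded=(53, 123, 4569)):
    """Equivalent of: tcpdump 'udp and not port 53 and not port 123 and not port 4569'."""
    matched = []
    for frame in iter_pcap(data):
        ports = udp_ports(frame)
        if ports and ports[0] not in excluded and ports[1] not in excluded:
            matched.append(ports)
    return matched


def sample_capture():
    """Constructed traffic mix: SIP, RTP-like media, DNS, NTP and IAX2."""
    return build_pcap([
        build_udp_packet(5060, 5060, b"INVITE sip:100@192.0.2.20 SIP/2.0"),
        build_udp_packet(10002, 10002, b"\x80" * 12),  # RTP-like; port is a sample value
        build_udp_packet(33000, 53, b"dns-query"),
        build_udp_packet(123, 123, b"ntp"),
        build_udp_packet(4569, 4569, b"iax2"),
    ])


if __name__ == "__main__":
    cap = sample_capture()
    print("dst port >= 5060 :", filter_dst_port_ge(cap))
    print("udp minus 53/123/4569:", filter_udp_excluding(cap))
```

Both filters keep the SIP and RTP packets and drop DNS, NTP and IAX2; the comparison form is the more precise one, since the exclusion list has to be maintained whenever a new UDP service appears on the box.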

