[asterisk-users] OT: Want to capture all SIP messages

Pete Mundy pete at fiberphone.co.nz
Wed May 31 18:20:22 CDT 2017

> On 1/06/2017, at 9:24 AM, Jeff LaCoursiere <jeff at jeff.net> wrote:
> On 05/31/2017 04:13 PM, Steve Edwards wrote:
>> On Wed, 31 May 2017, Barry Flanagan wrote:
>>> sngrep
>> Isn't sngrep a great tool? Since discovering it my use of tcpdump/wireshark has cratered.
>> Being able to compare an INVITE that worked with one that didn't (with color highlighting) rocks.
> On sites where I want an always available packet history I use tcpdump with the -C and -W options to manage a ring buffer of X bytes.  Then you can use cool tools like sngrep or really anything that operates on pcap files at whim.
> Cheers,

Heya Steve

I use the same Jeff recommended.

Eg this command would capture SIP traffic in capture files up to 100Mbytes each, with a maximum of 10 files in play and overwriting the oldest automatically:

	tcpdump -i eth0 -w rollingSIPtrace. -C 100 -W 10 port 5060

Eventually you'd end up with files called 'rollingSIPtrace.00' through to 'rollingSIPtrace.09', and when rollingSIPtrace.09 reaches 100MB, overwriting of rollingSIPtrace.00 (then rollingSIPtrace.01 etc) would commence.

Does that achieve your goal?

Or was the problem that if your server restarts and the command auto-executes at boot time then the first file overwritten will be rollingSIPtrace.00, not necessarily whichever file was the last modified?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20170601/528c2802/attachment.pgp>

More information about the asterisk-users mailing list