[asterisk-users] OT: Capture Asterisk traffic

Salvatore Giudice Salvatore.Giudice at VoIPSecurityTraining.com
Tue May 1 11:33:12 MST 2007


I think you want:

tcpdump -C 100 -W 10 -w /tmp/tcpdump -i eth1 -s 0 udp dst portrange 5060-65534



dst port port 
True if the packet is ip/tcp, ip/udp, ip6/tcp or ip6/udp and has a
destination port value of port. The port can be a number or a name used in
/etc/services (see tcp(4P) and udp(4P)). If a name is used, both the port
number and protocol are checked. If a number or ambiguous name is used, only
the port number is checked (e.g., dst port 513 will print both tcp/login
traffic and udp/who traffic, and port domain will print both tcp/domain and
udp/domain traffic). 
src port port 
True if the packet has a source port value of port. 
port port 
True if either the source or destination port of the packet is port. 
dst portrange port1-port2 
True if the packet is ip/tcp, ip/udp, ip6/tcp or ip6/udp and has a
destination port value between port1 and port2. port1 and port2 are
interpreted in the same fashion as the port parameter for port. 
src portrange port1-port2 
True if the packet has a source port value between port1 and port2. 
portrange port1-port2 
True if either the source or destination port of the packet is between port1
and port2. 
Any of the above port or port range expressions can be prepended with the
keywords, tcp or udp, as in:

--------------------------------------------------
Salvatore Giudice
Salvatore.Giudice at VoIPSecurityTraining.com

VoIP Security Training, LLC
http://VoIPSecurityTraining.com

848 N. Rainbow Blvd. #1676
Las Vegas, NV 89107
Phone: (617) 959-7625
Fax: (214) 279-2906


-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of CSB
Sent: Tuesday, May 01, 2007 1:32 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: [asterisk-users] OT: Capture Asterisk traffic

I want to capture all my Asterisk traffic (including RTP) and then analyse 
it.

My plan was to use tcpdump and then analyse with Wireshark. The following 
works:
tcpdump -i eth0 -s 0 -w /tmp/tcpdump.1

But I want to be a bit more selective:
tcpdump -C 100 -W 10 -w /tmp/tcpdump -i eth1 -s 0 udp and dst port >= 5060

This doesn't capture the RTP traffic. Could anyone advise what I'm doing
wrong or suggest a better way?

Thanks

Cameron


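Added example, not code from either message in this thread: a POSIX shell script that builds the capture filter the reply describes, but pins the RTP range to the rtpstart/rtpend values in Asterisk's rtp.conf instead of an open-ended port range, then runs tcpdump with the same -C/-W/-s 0 options used above. It assumes SIP signalling on UDP 5060 (SIP_PORT) and that media stays inside the configured rtp.conf range; the sample rtp.conf is constructed for the demo, and the interface, output path and rotation sizes are placeholders.

```sh
#!/bin/sh
# Added example, not code from either message in the thread.
# Builds a tcpdump filter for Asterisk SIP + RTP from the rtpstart/rtpend
# keys in rtp.conf, then captures with the -C/-W/-s 0 options used above.
# Assumptions: SIP signalling on UDP 5060 (SIP_PORT), RTP confined to the
# configured rtp.conf range; interface, paths and sizes are placeholders.

SIP_PORT=${SIP_PORT:-5060}

# Constructed sample rtp.conf so the script can be run offline.
sample_rtp_conf() {
    cat <<'EOF'
[general]
; RTP/RTCP port range handed out by Asterisk
rtpstart=10000
rtpend=20000
EOF
}

# Pull one numeric "key=value" out of an Asterisk-style config file,
# ignoring surrounding whitespace and anything after the value.
conf_num() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p" "$1" | head -n 1
}

# Print "start-end" for the RTP range, or fail loudly if it is not configured.
rtp_range() {
    start=$(conf_num "$1" rtpstart)
    end=$(conf_num "$1" rtpend)
    case "$start:$end" in
        *:|:*) echo "rtp_range: rtpstart/rtpend not found in $1" >&2; return 1 ;;
    esac
    if [ "$start" -gt "$end" ]; then
        echo "rtp_range: rtpstart $start exceeds rtpend $end" >&2; return 1
    fi
    echo "$start-$end"
}

# Filter covering both directions: SIP on its port plus RTP/RTCP in the range.
# Plain "portrange" (no src/dst) so media to and from the box is captured.
build_filter() {
    range=$(rtp_range "$1") || return 1
    echo "udp and (port $SIP_PORT or portrange $range)"
}

# BPF equivalent of the "dst port >= N" comparison tcpdump rejects as written:
# bytes 2-3 of the UDP header hold the destination port.
dst_port_ge_filter() {
    echo "udp and udp[2:2] >= $1"
}

# Capture with the thread's rotation settings: -C rotates at ~100 MB,
# -W 10 keeps ten files, -s 0 keeps whole packets so Wireshark can decode RTP.
capture() {
    iface=$1
    conf=$2
    out=$3
    filter=$(build_filter "$conf") || return 1
    tcpdump -C 100 -W 10 -w "$out" -i "$iface" -s 0 "$filter"
}

if [ -n "${1:-}" ]; then
    # usage: sh capture.sh eth1 /etc/asterisk/rtp.conf /tmp/tcpdump
    capture "$1" "${2:-/etc/asterisk/rtp.conf}" "${3:-/tmp/tcpdump}"
else
    # Offline demo: show the filter the constructed rtp.conf produces.
    tmp=$(mktemp)
    sample_rtp_conf > "$tmp"
    build_filter "$tmp"
    rm -f "$tmp"
fi
```

Two caveats on the reply's one-liner that this script is built around: "dst portrange" only matches packets whose destination port is in the range, so on a box that originates media the outbound leg of each stream is missed unless the src/dst qualifier is dropped, and a range running up to 65534 also pulls in every other UDP reply that lands on an ephemeral port (DNS answers, NTP and the like). Reading the range from rtp.conf keeps the capture to what Asterisk actually hands out; if chan_sip listens on a non-default bindport, set SIP_PORT accordingly. The "dst port >= 5060" form in the original question is not BPF syntax, which is why tcpdump refuses it; relational tests are only available on header bytes, hence udp[2:2].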