[asterisk-users] OT: Capture Asterisk traffic
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Wed May 2 05:04:51 MST 2007

On Wed, May 02, 2007 at 08:52:42PM +1200, CSB wrote:
> >
> >Well, the first thing I notice is that your first tcpdump example is
> >listening on eth0, and the second is listening on eth1.
> >
> >What happens when you do
> >
> >tcpdump -i eth1 -s 0 -w /tmp/tcpdump.1
> >
> >Do you see the RTP traffic then?
> >
> Thanks
>
> That was a typo. Should have read:
> The following works:
> tcpdump -i eth1 -s 0 -w /tmp/tcpdump.1
>
> But I want to be a bit more selective:
> tcpdump -C 100 -W 10 -w /tmp/tcpdump -i eth1 -s 0 udp and dst port >= 5060
>
> This doesn't capture the RTP traffic. Could anyone advise what I'm doing
> wrong or suggest a better way?

This is probably too big a cannon, but just in case it is useful:
Anybody tried marking the SIP and related RTP packets in kernel iptables
rules and then sniffing just marked packets?
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir at jabber.org
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
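
The idea in the reply above, sketched as an added example that is not part of the original post. A firewall mark is kernel metadata that a tcpdump filter expression cannot match, so this sketch uses the NFLOG target instead and captures from the nflog pseudo-interface. Assumptions: SIP on UDP port 5060, NFLOG group 5 is free, and the nf_conntrack_sip helper is available so that RTP streams negotiated in SIP are tracked as related connections.

```shell
#!/bin/sh
# Added example: copy SIP and its related RTP to an NFLOG group and capture only that.
NFLOG_GROUP=5   # assumption: any unused NFLOG group number
SIP_PORT=5060   # assumption: default SIP signalling port

# With DRY_RUN=1 (the default) commands are printed instead of executed.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# $1 is -A to install the rules or -D to remove them again.
voip_rules() {
    for chain in PREROUTING OUTPUT; do
        # Attach the SIP conntrack helper to signalling (raw table runs before
        # connection tracking; needed where helpers are not assigned automatically).
        run iptables -t raw "$1" "$chain" -p udp --dport "$SIP_PORT" \
            -j CT --helper sip
        # Log the signalling itself, in both directions.
        run iptables -t mangle "$1" "$chain" -p udp --dport "$SIP_PORT" \
            -j NFLOG --nflog-group "$NFLOG_GROUP"
        run iptables -t mangle "$1" "$chain" -p udp --sport "$SIP_PORT" \
            -j NFLOG --nflog-group "$NFLOG_GROUP"
        # Log the media streams the SIP helper expected from the SDP bodies.
        run iptables -t mangle "$1" "$chain" -p udp -m helper --helper sip \
            -j NFLOG --nflog-group "$NFLOG_GROUP"
    done
}

# Capture only what the rules logged, with the file rotation used in the thread.
capture() {
    run tcpdump -i "nflog:$NFLOG_GROUP" -s 0 -C 100 -W 10 -w /tmp/tcpdump
}

case "${1:-}" in
    start) voip_rules -A && capture ;;
    stop)  voip_rules -D ;;
esac
```

Run it with `start` or `stop` to review the commands; set `DRY_RUN=0` as root to apply them.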