[asterisk-users] OT: Capture Asterisk traffic

Salvatore Giudice Salvatore.Giudice at VoIPSecurityTraining.com
Wed May 2 07:59:22 MST 2007


Sounds like you have an old libpcap.

Try using this:

tcpdump -C 100 -W 10 -w /tmp/tcpdump -i eth1 -s 0 'udp[2:2] >= 5060 and udp[2:2] <= 65534'

This works on one of my machines that has a libpcap that doesn't support
portrange. I guess you can't use macros to define the port range. So, you'll
have to reference the header values directly. 0:2 is src port and 2:2 is dst
port.

Try that. It may work. Or you could try to upgrade libpcap.

--------------------------------------------------
Salvatore Giudice
Salvatore.Giudice at VoIPSecurityTraining.com

VoIP Security Training, LLC
http://VoIPSecurityTraining.com

848 N. Rainbow Blvd. #1676
Las Vegas, NV 89107
Phone: (617) 959-7625
Fax: (214) 279-2906


-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of CSB
Sent: Wednesday, May 02, 2007 4:50 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] OT: Capture Asterisk traffic


>I think you want:
>
> tcpdump -C 100 -W 10 -w /tmp/tcpdump -i eth1 -s 0 udp dst portrange 5060-65534
>
Thanks

tcpdump -C 100 -W 10 -w /tmp/tcpdump -i eth1 -s 0 udp and dst portrange 5060-35000
tcpdump: unknown host 'portrange'

tcpdump version 3.8
libpcap version 0.8.3

man tcpdump indicates that I should be able to use >= syntax but it doesn't 
work as expected. Any further advice appreciated.

Cameron 
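
Added example (not part of the original thread): a Python sketch of what the byte-offset filter 'udp[2:2] >= 5060 and udp[2:2] <= 65534' from the reply evaluates on each packet, useful for checking a capture filter offline. The helper names are hypothetical, the packets are constructed, and each packet is assumed to start at the IPv4 header with no link-layer framing.

```python
import struct

def build_ipv4_udp(sport, dport, payload=b"", ip_options=b"", frag_offset=0):
    """Constructed test packet: IPv4 header (+ optional options) and UDP header."""
    assert len(ip_options) % 4 == 0
    ihl = 5 + len(ip_options) // 4            # header length in 32-bit words
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(udp),
                     0, frag_offset & 0x1FFF, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + ip_options + udp

def udp_field(packet, offset, size):
    """Value of udp[offset:size], or None where the filter cannot match."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 17:
        return None                           # not IPv4 carrying UDP
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None                           # later fragment: no UDP header
    start = (packet[0] & 0x0F) * 4 + offset   # IHL locates the UDP header
    field = packet[start:start + size]
    if len(field) != size:
        return None                           # truncated by a short snaplen
    return int.from_bytes(field, "big")       # network byte order

def matches(packet, low=5060, high=65534):
    """Equivalent of 'udp[2:2] >= low and udp[2:2] <= high' (destination port)."""
    dport = udp_field(packet, 2, 2)
    return dport is not None and low <= dport <= high

if __name__ == "__main__":
    samples = {
        "SIP to 5060": build_ipv4_udp(40000, 5060),
        "reply from 5060 to 1024": build_ipv4_udp(5060, 1024),
        "RTP with IP options": build_ipv4_udp(1024, 16384,
                                              ip_options=b"\x01" * 4),
        "later fragment": build_ipv4_udp(1024, 5060, frag_offset=185),
    }
    for name, pkt in samples.items():
        print(f"{name}: {'capture' if matches(pkt) else 'drop'}")
```

Because the filter tests only the destination port, traffic sent from port 5060 to a destination port below 5060 is not captured; adding the same range test on udp[0:2] with "or" would cover the source side.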
