On Wed, 31 May 2017, Barry Flanagan wrote:

> sngrep?

Isn't sngrep a great tool? Since discovering it my use of tcpdump/wireshark has cratered.

Being able to compare an INVITE that worked with one that didn't (with color highlighting) rocks.

--
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards       sedwards at sedwards.com      Voice: +1-760-468-3867 PST
https://www.linkedin.com/in/steve-edwards-4244281

Jeff LaCoursiere
2017-May-31 21:24 UTC
[asterisk-users] OT: Want to capture all SIP messages
On 05/31/2017 04:13 PM, Steve Edwards wrote:

> On Wed, 31 May 2017, Barry Flanagan wrote:
>
>> sngrep
>
> Isn't sngrep a great tool? Since discovering it my use of
> tcpdump/wireshark has cratered.
>
> Being able to compare an INVITE that worked with one that didn't (with
> color highlighting) rocks.

On sites where I want an always available packet history I use tcpdump with the -C and -W options to manage a ring buffer of X bytes. Then you can use cool tools like sngrep or really anything that operates on pcap files at whim.

Cheers,

j

> On 1/06/2017, at 9:24 AM, Jeff LaCoursiere <jeff at jeff.net> wrote:
>
> On 05/31/2017 04:13 PM, Steve Edwards wrote:
>> On Wed, 31 May 2017, Barry Flanagan wrote:
>>
>>> sngrep
>>
>> Isn't sngrep a great tool? Since discovering it my use of tcpdump/wireshark has cratered.
>>
>> Being able to compare an INVITE that worked with one that didn't (with color highlighting) rocks.
>
> On sites where I want an always available packet history I use tcpdump with the -C and -W options to manage a ring buffer of X bytes. Then you can use cool tools like sngrep or really anything that operates on pcap files at whim.
>
> Cheers,

Heya Steve

I use the same Jeff recommended. Eg this command would capture SIP traffic in capture files up to 100Mbytes each, with a maximum of 10 files in play and overwriting the oldest automatically:

    tcpdump -i eth0 -w rollingSIPtrace. -C 100 -W 10 port 5060

Eventually you'd end up with files called 'rollingSIPtrace.00' through to 'rollingSIPtrace.09', and when rollingSIPtrace.09 reaches 100MB, overwriting of rollingSIPtrace.00 (then rollingSIPtrace.01 etc) would commence.

Does that achieve your goal? Or was the problem that if your server restarts and the command auto-executes at boot time then the first file overwritten will be rollingSIPtrace.00, not necessarily whichever file was the last modified?

Pete
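
Added example, not part of any message in this thread: once the ring has wrapped, or after the restart case raised in the last message, the numeric suffix no longer tells you which capture file is oldest, so this sketch orders the files by modification time instead. The function names are hypothetical and the prefix is assumed to be the `-w` argument from the command above.

```shell
#!/bin/sh
# Added example: order tcpdump -C/-W ring-buffer files by age.
# Assumption: files are named PREFIX followed only by digits,
# e.g. rollingSIPtrace.00 for the prefix "rollingSIPtrace.".

# ring_files_by_age PREFIX
#   Print every ring file for PREFIX, one per line, oldest first.
ring_files_by_age() {
    prefix=$1
    dir=$(dirname -- "$prefix")
    base=$(basename -- "$prefix")
    # ls -tr sorts by modification time, oldest first. An unmatched glob
    # makes ls fail quietly, so an empty ring yields no output.
    ( cd "$dir" 2>/dev/null || exit 1
      ls -tr -- "$base"[0-9]* 2>/dev/null ) |
    while IFS= read -r f; do
        suffix=${f#"$base"}
        # Skip anything whose suffix is not purely numeric
        # (backups, notes, compressed copies left beside the ring).
        case $suffix in
            ''|*[!0-9]*) continue ;;
        esac
        printf '%s/%s\n' "$dir" "$f"
    done
}

# ring_newest PREFIX: the file written to most recently.
ring_newest() {
    ring_files_by_age "$1" | tail -n 1
}

# ring_oldest PREFIX: the file holding the earliest surviving packets,
# which is also the next one to be overwritten on a running ring.
ring_oldest() {
    ring_files_by_age "$1" | head -n 1
}
```

For instance, `sngrep -I "$(ring_newest ./rollingSIPtrace.)"` opens the most recent capture file regardless of its number.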