TCPDUMP
TCPdump is a powerful command-line packet analyser which we recommend for general SIP message analysis. TCPdump is preinstalled on many Linux distributions, or may be installed directly from the Debian repository:
sudo apt-get update && sudo apt-get install tcpdump
Manual:
http://www.tcpdump.org/tcpdump_man.html
Capturing SIP/RTP Examples:
Real-time traffic dump (port 5060):
tcpdump -nq -s 0 -A -vvv -i eth0 port 5060
Dump to file (port 5060):
tcpdump -nq -s 0 -i eth0 -w /tmp/dump.pcap port 5060
Dump to file (capture all packets on interface eth0):
tcpdump -i eth0 -s 0 -w /tmp/test2.pcap
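Once a capture has been written with -w, the SIP signalling can be summarised offline. The following is an added example, not part of the original article: a minimal Python reader for classic pcap files that lists the first line and Call-ID of each SIP/UDP packet. The names sip_summary and sample_pcap are hypothetical, the sample capture is constructed, and only Ethernet captures (such as those taken with -i eth0) over IPv4/UDP are handled.

```python
import struct

def sip_summary(pcap: bytes, port: int = 5060):
    """List (src, dst, first_line, call_id) per SIP/UDP packet in a classic pcap."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic microsecond pcap (pcapng is not handled)")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (e.g. -i eth0) are handled")
    out, off = [], 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue  # keep only IPv4 + UDP
        udp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(udp) < 8:
            continue
        sport, dport = struct.unpack("!HH", udp[:4])
        if port not in (sport, dport):
            continue
        lines = udp[8:].decode("utf-8", "replace").split("\r\n")
        call_id = next((l.split(":", 1)[1].strip() for l in lines
                        if l.lower().startswith(("call-id:", "i:"))), None)
        src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
        out.append((f"{src}:{sport}", f"{dst}:{dport}", lines[0], call_id))
    return out

def sample_pcap() -> bytes:
    """Constructed two-packet capture (not real traffic) for an offline run."""
    def rec(src, dst, payload):
        udp = struct.pack("!HHHH", 5060, 5060, 8 + len(payload), 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         bytes(src), bytes(dst))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + udp
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    a, b = (192, 168, 1, 10), (192, 168, 1, 1)
    return (hdr
            + rec(a, b, b"OPTIONS sip:192.168.1.1 SIP/2.0\r\nCall-ID: constructed-1\r\n\r\n")
            + rec(b, a, b"SIP/2.0 200 OK\r\nCall-ID: constructed-1\r\n\r\n"))

if __name__ == "__main__":
    for row in sip_summary(sample_pcap()):
        print(*row, sep="  ")
```

To run it against a real capture, pass the file contents, for example sip_summary(open("/tmp/dump.pcap", "rb").read()).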
Other useful options:
See the list of interfaces on which tcpdump can listen:
tcpdump -D
Listen on interface eth0:
tcpdump -i eth0
Listen on any available interface (cannot be done in promiscuous mode; requires Linux kernel 2.2 or greater):
tcpdump -i any
Be verbose while capturing packets:
tcpdump -vvv
Be verbose and print the data of each packet in both hex and ASCII, excluding the link level header:
tcpdump -v -X
Be verbose and print the data of each packet in both hex and ASCII, also including the link level header:
tcpdump -v -XX
Display IP addresses and port numbers instead of domain and service names when capturing packets (note: on some systems you need to specify -nn to display port numbers):
tcpdump -n
Capture any packets where the destination host is 192.168.1.1. Display IP addresses and port numbers:
tcpdump -n dst host 192.168.1.1
Capture any packets where the source host is 192.168.1.1. Display IP addresses and port numbers:
tcpdump -n src host 192.168.1.1
Capture any packets where the source or destination host is 192.168.1.1. Display IP addresses and port numbers:
tcpdump -n host 192.168.1.1
Capture any packets where the destination network is 192.168.1.0/24. Display IP addresses and port numbers:
tcpdump -n dst net 192.168.1.0/24
Capture any packets where the source network is 192.168.1.0/24. Display IP addresses and port numbers:
tcpdump -n src net 192.168.1.0/24
Capture any packets where the source or destination network is 192.168.1.0/24. Display IP addresses and port numbers:
tcpdump -n net 192.168.1.0/24