Using tcpdump for SIP and RTP Diagnostic (tcpdump examples)
tcpdump is a powerful command-line packet analyzer that can be used for dumping traffic on a network. For more information about tcpdump options, see the man pages.
Below are examples of tcpdump commands and filters for diagnosing VoIP SIP traffic.
Install tcpdump
To install tcpdump on Linux:
Install tcpdump Debian / Ubuntu
$ sudo apt-get update
$ sudo apt-get install tcpdump
Install tcpdump CentOS / Redhat
# yum install tcpdump
Tcpdump SIP
To filter and dump into file only SIP packets:
# tcpdump -i eth0 -n -s 0 port 5060 -v -w dump.cap
Where:
-i eth0 – Ethernet interface (change to yours)
-v – verbose
-w dump.cap – dump to the file
Tcpdump Filter SIP Invite
Filtering SIP INVITE messages with tcpdump can be done with grep:
# tcpdump -i eth0 -n -s 0 port 5060 -vvv | grep 'INVITE '
Tcpdump SIP and RTP Packets
Filter SIP and RTP packets and dump to dump.cap file:
# tcpdump -i eth0 -n -s 0 udp port 5060 or udp portrange 16384-32768 -v -w dump.cap
16384-32768 – in this case the FreeSWITCH RTP/RTCP multimedia streaming ports; for Asterisk use UDP port range 10000-20000
Tcpdump Specify IP address
To make debugging more convenient, we can specify the IP address of the host the packets come from.
# tcpdump -i eth0 host 76.81.27.76 and port 5060 -n -s 0 -vvv
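The grep filter for INVITE shown earlier works on live text output. For a capture already saved with -w dump.cap, the same selection can be done offline. The following is an added example, not part of the original page: a small Python reader for the classic pcap format that lists SIP start lines on port 5060 and keeps only INVITE requests. The function names, the sample addresses and the sample capture are constructed for illustration, and it assumes untagged Ethernet, IPv4 and SIP over UDP.

```python
import struct
# Classic pcap magic as stored on disk -> byte order (microsecond and nanosecond variants).
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
          b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}

def sip_start_lines(pcap, sip_port=5060):
    """Return (src, dst, first SIP line) for each UDP packet on sip_port."""
    endian = MAGICS.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    found, off = [], 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Skip anything that is not untagged IPv4 carrying UDP.
        if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue
        udp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(udp) < 8:
            continue
        sport, dport = struct.unpack("!HH", udp[:4])
        if sip_port not in (sport, dport):
            continue  # e.g. RTP captured by the portrange filter
        src = ".".join(map(str, frame[26:30])) + f":{sport}"
        dst = ".".join(map(str, frame[30:34])) + f":{dport}"
        found.append((src, dst, udp[8:].split(b"\r\n", 1)[0].decode("ascii", "replace")))
    return found

def invites(pcap):
    """Keep only packets whose SIP start line is an INVITE request."""
    return [p for p in sip_start_lines(pcap) if p[2].startswith("INVITE ")]

def _frame(src, dst, sport, dport, payload):
    """Build a constructed Ethernet/IPv4/UDP frame (checksums left at zero)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(src), bytes(dst))
    return b"\x02" * 12 + b"\x08\x00" + ip + udp

# Constructed sample capture: INVITE, 200 OK, one RTP packet, OPTIONS.
A, B = (192, 0, 2, 10), (198, 51, 100, 20)
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
for f in (_frame(A, B, 5060, 5060, b"INVITE sip:1001@example.invalid SIP/2.0\r\nCSeq: 1 INVITE\r\n\r\n"),
          _frame(B, A, 5060, 5060, b"SIP/2.0 200 OK\r\nCSeq: 1 INVITE\r\n\r\n"),
          _frame(A, B, 16384, 16386, b"\x80\x00" + bytes(10)),
          _frame(A, B, 5060, 5060, b"OPTIONS sip:example.invalid SIP/2.0\r\n\r\n")):
    SAMPLE += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
```

To run it against a real capture, pass the file contents instead of the sample, for example invites(open("dump.cap", "rb").read()).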