Using tcpdump for SIP and RTP Diagnostic (tcpdump examples)

tcpdump is a command-line packet analyzer used to capture and dump traffic on a network interface. For the full list of options see the tcpdump man page.

Below are tcpdump command examples with capture filters for diagnosing VoIP (SIP and RTP) problems.

Install tcpdump

To install tcpdump in Linux:

Install tcpdump Debian / Ubuntu

$ sudo apt-get update
$ sudo apt-get install tcpdump

Install tcpdump CentOS / Red Hat

# yum install tcpdump

Tcpdump SIP

To filter and dump into file only SIP packets:

# tcpdump -i eth0 -n -s 0 port 5060 -v -w dump.cap

Where:

-i eth0 – capture interface (change to yours)

-n – do not resolve host names or port numbers (faster, and avoids DNS lookups during the capture)

-s 0 – capture whole packets instead of truncating them (the default on recent tcpdump versions)

port 5060 – the standard SIP signalling port, TCP or UDP (SIP over TLS on port 5061 is encrypted and cannot be decoded this way)

-v – verbose; combined with -w, tcpdump reports the number of captured packets to stderr once per second

-w dump.cap – write the raw packets to the file, for later analysis with tcpdump -r dump.cap or Wireshark

Tcpdump Filter SIP Invite

Filtering SIP INVITE requests can be done by piping tcpdump's decoded SIP output through grep. Add -l so tcpdump line-buffers its output; otherwise matches appear only after the stdout buffer fills, which makes live debugging confusing:

# tcpdump -i eth0 -n -s 0 -l port 5060 -vvv | grep 'INVITE '

The trailing space in 'INVITE ' matches the request line (INVITE sip:user@host SIP/2.0) but not CSeq or Allow headers, where INVITE is the last word on the line.
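Grepping for the word INVITE shows that a call was attempted but not who called whom or where the media is expected. The script below is an added example (not code from the original post) that parses tcpdump's text output into one summary line per INVITE: Call-ID, From, To, and the SDP connection address and audio port. It assumes tcpdump prints each SIP line on its own output line, which is what tcpdump -A (and the -vvv decode, which indents lines with a tab) produce; in -A output the first payload line is preceded by the raw IP/UDP header bytes, so the request line is matched anywhere in the line. The summarize_invites function name and the sample capture text are constructed for this example.

```shell
#!/bin/sh
# Added example, not the original post's code: summarise SIP INVITEs from
# tcpdump text output. Assumes one SIP line per output line (tcpdump -A or -v)
# and a POSIX awk on the capture box. The SAMPLE text below is constructed.

summarize_invites() {
    # stdin: tcpdump text; stdout: one line per INVITE,
    # "<Call-ID> | <From> | <To> | <SDP media address:port>"
    awk '
        { sub(/\r$/, ""); sub(/^[ \t]+/, "") }   # drop CR and tcpdump -v indentation
        # A new packet header line (timestamp) closes the INVITE being collected.
        /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\./ { emit() }
        # Request line: INVITE <Request-URI> SIP/2.0 (RFC 3261). Responses and
        # CSeq/Allow headers also mention INVITE but do not match this pattern.
        /INVITE sip:[^ ]+ SIP\/2\.0$/ { inv = 1; from = to = cid = ip = port = ""; next }
        inv == 0 { next }
        # Headers in long or compact form (From/f, To/t, Call-ID/i).
        /^(From|f):/    { sub(/^[^:]*:[ \t]*/, ""); from = $0; next }
        /^(To|t):/      { sub(/^[^:]*:[ \t]*/, ""); to = $0; next }
        /^(Call-ID|i):/ { sub(/^[^:]*:[ \t]*/, ""); cid = $0; next }
        # SDP body: where the caller wants RTP sent. This address and port can go
        # into the capture filter instead of the whole PBX media port range.
        /^c=IN IP4 /      { ip = $3; next }
        /^m=audio [0-9]+/ { port = $2; next }
        END { emit() }
        function emit() {
            if (inv && cid != "") printf "%s | %s | %s | %s:%s\n", cid, from, to, ip, port
            inv = 0
        }
    '
}

# Constructed sample of "tcpdump -l -n -A port 5060" output: one INVITE with SDP,
# followed by the 100 Trying response (which must not produce a summary line).
SAMPLE='12:00:00.000001 IP 10.0.0.10.5060 > 10.0.0.20.5060: SIP: INVITE sip:bob@10.0.0.20 SIP/2.0
E..x..@.@.....INVITE sip:bob@10.0.0.20 SIP/2.0
Via: SIP/2.0/UDP 10.0.0.10:5060;branch=z9hG4bK776asdhds
From: "Alice" <sip:alice@10.0.0.10>;tag=1928301774
To: <sip:bob@10.0.0.20>
Call-ID: a84b4c76e66710@10.0.0.10
CSeq: 314159 INVITE
Content-Type: application/sdp
Content-Length: 142

v=0
o=alice 2890844526 2890844526 IN IP4 10.0.0.10
s=-
c=IN IP4 10.0.0.10
t=0 0
m=audio 16384 RTP/AVP 0 8
a=rtpmap:0 PCMU/8000
12:00:00.050000 IP 10.0.0.20.5060 > 10.0.0.10.5060: SIP: SIP/2.0 100 Trying
E..x..@.@.....SIP/2.0 100 Trying
Via: SIP/2.0/UDP 10.0.0.10:5060;branch=z9hG4bK776asdhds
From: "Alice" <sip:alice@10.0.0.10>;tag=1928301774
To: <sip:bob@10.0.0.20>
Call-ID: a84b4c76e66710@10.0.0.10
CSeq: 314159 INVITE
Content-Length: 0'

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE" | summarize_invites
```

On a live system the pipeline is tcpdump -i eth0 -l -n -s 0 -A port 5060 | summarize_invites, or tcpdump -n -A -r dump.cap port 5060 | summarize_invites for a file captured earlier with -w. The -l flag matters for the live case, since without it tcpdump block-buffers its output and the summaries lag behind the calls.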


Tcpdump SIP and RTP Packets

Filter SIP and RTP packets and dump to dump.cap file:

# tcpdump -i eth0 -n -s 0 udp port 5060 or udp portrange 16384-32768 -v -w dump.cap

udp portrange 16384-32768 – FreeSWITCH's default RTP/RTCP media port range; for Asterisk use 10000-20000 (the default in rtp.conf). Check the range actually configured on your PBX, because media sent outside the filtered range will be missing from the capture.

Tcpdump Specify IP address

To narrow the capture to one peer, specify the host IP address that the packets come from or go to:

# tcpdump -i eth0 -n -s 0 -vvv host 76.81.27.76 and port 5060

Note that in BPF filter expressions "and" binds tighter than "or", so when combining a host filter with the SIP-or-RTP expression above, wrap the "or" part in parentheses (quoted, so the shell does not interpret them); otherwise the host restriction applies to SIP only and RTP from every host is captured.
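The SIP-and-RTP filter and the per-host filter above are usually combined for a long-running capture on a busy PBX, and that is where two practical problems appear: BPF operator precedence, and disk space. The script below is an added example (not code from the original post) that builds the combined filter with the parentheses BPF needs, picks the RTP range from the PBX type using the FreeSWITCH and Asterisk defaults given above, and runs tcpdump into a ring buffer of files. The function names, the interface, peer address and output prefix are placeholders assumed for this example.

```shell
#!/bin/sh
# Added example, not the original post's code: compose a SIP+RTP capture filter
# for one peer and run tcpdump with a ring buffer of output files.
# Assumes default RTP ranges (FreeSWITCH 16384-32768, Asterisk 10000-20000);
# interface, peer IP and output prefix are placeholders.

rtp_range() {
    # Default UDP media port range of the given PBX.
    case "$1" in
        freeswitch) echo "16384-32768" ;;
        asterisk)   echo "10000-20000" ;;
        *) echo "usage: rtp_range freeswitch|asterisk" >&2; return 1 ;;
    esac
}

voip_filter() {
    # $1 = peer IP ("" for all hosts), $2 = pbx type, $3 = SIP port (default 5060).
    # "port" without "udp" also catches SIP over TCP on the same port.
    peer=$1; range=$(rtp_range "$2") || return 1; sipport=${3:-5060}
    media="(port $sipport or udp portrange $range)"
    if [ -n "$peer" ]; then
        # BPF "and" binds tighter than "or": without the parentheses,
        # "host X and port 5060 or udp portrange A-B" would capture RTP from every host.
        echo "host $peer and $media"
    else
        echo "$media"
    fi
}

capture() {
    # $1 = interface, $2 = output file prefix, remaining args go to voip_filter.
    iface=$1; prefix=$2; shift 2
    filter=$(voip_filter "$@") || return 1
    # -C 100 -W 10: rotate at 100 MB and keep a ring of 10 files (prefix.pcap0..9),
    # so a capture left running overnight cannot fill the disk.
    tcpdump -i "$iface" -n -s 0 -C 100 -W 10 -w "${prefix}.pcap" "$filter"
}

# Stand-alone run: print the filters (the capture itself needs root and a real interface).
voip_filter 192.0.2.10 freeswitch
voip_filter "" asterisk
# capture eth0 /var/tmp/voip 192.0.2.10 freeswitch   # run as root on the PBX
```

The filter is passed to tcpdump as a single quoted argument, so the parentheses never reach the shell. The rotated files are read back with the same expressions used on this page, for example tcpdump -n -r /var/tmp/voip.pcap3 -vvv port 5060.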

arstech