Žilinská univerzita > Fakulta riadenia a informatiky > Katedra informačných sietí

Using ipgrab for SIP diagnostic

Ipgrab is an network protocol grab utility which may be used for a SIP message sniffing/analyzing. Ipgrab may be installed directly from debian repository:

apt-get install ipgrab

The usage for SIP message analysis may look like

ipgrab -i eth0 -lmnt port 5060
ipgrab 0.9.9
Listening on device eth0 (ethernet)
1 1317991855.410595 SIP INVITE sip:jan@ps.sip.uniza.sk SIP/2.0
2 1317991855.412129 SIP SIP/2.0 407 Proxy Authentication Required
3 1317991855.414234 SIP ACK sip:jan@ps.sip.uniza.sk SIP/2.0
4 1317991855.416493 SIP INVITE sip:jan@ps.sip.uniza.sk SIP/2.0
5 1317991855.418473 SIP SIP/2.0 100 trying -- your call is important to us
6 1317991855.418726 SIP INVITE sip:jan@;transport=udp SIP/2.0


-i - is an interface on which listen to

-m  - minimal mode output.

-n - don’t display network layer headers

-t - don’t display transport layer headers.

port 5060 - tcpdump like expresion which specify port number

More info inside of the manual or use man pages for ipgrab and tcpdump (expresions).