cassilicon.blogg.se

Tcpdump wireshark pcap format

Wireshark is the world's foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. More information about Wireshark can be found here.

To install Wireshark put this command to Terminal:

Please note that in this example and the other examples below we use the network interface eth0. When you run this command on your server, the interface may have a different name (eth1, em1, etc.), so use your server's actual interface name.

To save the packet dump, stop capturing by pressing Ctrl+C. Packets will be saved to the file /home/capture.pcap. You can then copy the captured file capture.pcap from your server and open it in the Wireshark GUI to analyse the packets.

If you have many calls, capturing all traffic will produce a huge file after a few minutes. Often we are only interested in SIP traffic (which by default is sent and received on port 5060), so to capture only SIP traffic you can use this command:

    tethereal -i eth0 -w /home/capture.pcap port 5060

Capture SIP Traffic only for specific IP

    tethereal -i eth0 -w /home/siptrace.pcap port 5060 and host 123.123.123.123

Capture SIP traffic on port 5060 and RTP traffic

    tcpdump -i eth0 -s 0 -w capture.cap udp port 5060 or udp portrange 10000-20000

Capture SIP traffic on port 5060 and RTP traffic into split files

    tcpdump -i eth0 -s 0 -C 200 -Z root -w capture udp port 5060 or portrange 10000-20000

Capture SIP traffic on port 5060 and RTP traffic for specific IP address

In a capture filter, "and" and "or" have equal precedence and are evaluated left to right, so the ports and the hosts are grouped with parentheses and the expression is quoted for the shell:

    tcpdump -i eth0 -s 0 -w capture.pcap '(port 5060 or udp portrange 10000-20000) and (host 192.168.0.192 or host 192.168.0.8)'
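To check what a capture file written with -w actually contains, the following added example (not part of the original page) parses the classic pcap file format and counts packets using the page's port rules: 5060 for SIP and 10000-20000 for RTP. The sample capture is constructed inline, only Ethernet/IPv4/UDP is handled, and a port match alone does not prove a packet is SIP or RTP.

```python
import struct

SIP_PORT = 5060                  # default SIP port, as in the page's filters
RTP_PORTS = range(10000, 20001)  # the page's RTP portrange 10000-20000

def build_sample_pcap():
    """Constructed sample: a classic pcap holding three Ethernet/IPv4/UDP frames."""
    def frame(sport, dport, payload):
        udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         bytes([192, 168, 0, 192]), bytes([192, 168, 0, 8]))
        return b"\x00" * 12 + b"\x08\x00" + ip + udp
    frames = [frame(5060, 5060, b"OPTIONS sip:192.168.0.8 SIP/2.0\r\n\r\n"),
              frame(10000, 10002, b"\x80\x00" + b"\x00" * 10),
              frame(53000, 53, b"\x00" * 12)]
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype 1 (Ethernet)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 1)
    for i, f in enumerate(frames):
        # Record header: ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

def classify(pcap_bytes):
    """Count SIP, RTP-range and other packets in a classic (non-pcapng) pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None or len(pcap_bytes) < 24:
        raise ValueError("not a classic microsecond pcap file")
    linktype = struct.unpack(endian + "I", pcap_bytes[20:24])[0]
    if linktype != 1:
        raise ValueError("only Ethernet (linktype 1) is handled here")
    counts = {"sip": 0, "rtp": 0, "other": 0, "truncated": 0}
    off = 24
    while off + 16 <= len(pcap_bytes):
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", pcap_bytes[off:off + 16])
        pkt = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if incl_len < orig_len:  # captured with a snaplen smaller than the packet
            counts["truncated"] += 1
        ihl = (pkt[14] & 0x0F) * 4 if len(pkt) > 14 else 0
        is_udp = (len(pkt) >= 14 + ihl + 4 and pkt[12:14] == b"\x08\x00"
                  and ihl >= 20 and pkt[23] == 17)
        ports = struct.unpack("!HH", pkt[14 + ihl:18 + ihl]) if is_udp else ()
        if SIP_PORT in ports:
            counts["sip"] += 1
        elif any(p in RTP_PORTS for p in ports):
            counts["rtp"] += 1
        else:
            counts["other"] += 1
    return counts
```

To run it on a real capture, pass the file contents, for example classify(open("capture.pcap", "rb").read()); a non-zero "truncated" count means the capture was taken with a snapshot length shorter than the packets.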







