Categories
Knowledge Base

Sip debugging with wireshark

Wireshark and Cloudshark are invaluable tools for debugging sip and iax issues on your Asterisk server.

Here we have a short Video that goes over the basics of getting a call captured and opened in Cloudshark

we also have a short tutorial for download here in PDF format

First we need to get the packets we want. This is far simpler than its thought. We use a simple command line tool called tcpdump, if its not installed install it now, You wont be able to live without it.

Here we have 2 commands, The first captures packets on interface eth0, -n means we won’t convert addresses, -w means we just capture raw packets and udp means its only the udp packets we want and finally port 5060 means its only the sip messaging we want. In the second we dont specify port 5060 so that we get the rtp stream as well.

/usr/sbin/tcpdump -n -i eth0 -w /tmp/wireshark.pcap -s2000 udp port 5060
 /usr/sbin/tcpdump -n -i eth0 -w /tmp/wireshark.pcap -s2000 udp
screen -S "udpDump" -dm tcpdump -n -i eth0 -C 9 -W 15 -w /var/log/asterisk/dumpsip.pcap -s2000 udp port 5060

The command above will write to file in the background and will rotate at 9 meg so suitable for cloudshark

Once you have started the capture and made a call as required you will get a file called for example /tmp/wireshark.pcap copy this to your workstation via ftp or sftp as you would copy any file.