{"id":316,"date":"2012-11-09T22:09:07","date_gmt":"2012-11-09T22:09:07","guid":{"rendered":"http:\/\/cyber-cottage.co.uk\/en\/?p=316"},"modified":"2020-10-12T09:29:36","modified_gmt":"2020-10-12T08:29:36","slug":"sip-debugging-with-wireshark","status":"publish","type":"post","link":"https:\/\/www.cyber-cottage.co.uk\/?p=316","title":{"rendered":"Sip debugging with wireshark"},"content":{"rendered":"<p>Wireshark and<a href=\"http:\/\/www.cloudshark.org\" target=\"_blank\" rel=\"noopener noreferrer\"> Cloudshark<\/a> are invaluable tools for debugging sip and iax issues on your Asterisk server.<\/p>\n<p>Here we have a short Video that goes over the basics of getting a call captured and opened in Cloudshark<\/p>\n<span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe loading=\"lazy\" class=\"youtube-player\" width=\"580\" height=\"327\" src=\"https:\/\/www.youtube.com\/embed\/2JCVrOpIes0?version=3&#038;rel=0&#038;showsearch=0&#038;showinfo=1&#038;iv_load_policy=1&#038;fs=1&#038;hl=en-GB&#038;autohide=2&#038;wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\"><\/iframe><\/span>\n<p>we also have a short tutorial for download\u00a0<a href=\"http:\/\/book5.org\/w\/wireshark-voip-debugging-w390-pdf.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>\u00a0in PDF format<\/p>\n<p>First we need to get the packets we want. This is far simpler than its\u00a0thought. We use a simple command line tool called tcpdump, if its not installed install it\u00a0now, You wont be able to live without it.<\/p>\n<p>Here we have 2 commands, The first captures packets on interface eth0, -n means we\u00a0won&#8217;t convert addresses, -w means we just capture raw packets and udp means its\u00a0only the udp packets we want and finally port 5060 means its only the sip messaging\u00a0we want. In the second we dont specify port 5060 so that we get the rtp stream as well.<\/p>\n<pre>\/usr\/sbin\/tcpdump -n -i eth0 -w \/tmp\/wireshark.pcap -s2000 udp port 5060\n \/usr\/sbin\/tcpdump -n -i eth0 -w \/tmp\/wireshark.pcap -s2000 udp<\/pre>\n<pre>screen -S \"udpDump\" -dm tcpdump -n -i eth0 -C 9 -W 15 -w \/var\/log\/asterisk\/dumpsip.pcap -s2000 udp port 5060<\/pre>\n<p>The command above will write to file in the background and will rotate at 9 meg so suitable for cloudshark<\/p>\n<p>Once you have started the capture and made a call as required you will get a file called\u00a0for example \/tmp\/wireshark.pcap copy this to your workstation via ftp or sftp as you\u00a0would copy any file.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Wireshark and Cloudshark are invaluable tools for debugging sip and iax issues on your Asterisk server. Here we have a short Video that goes over the basics of getting a call captured and opened in Cloudshark we also have a short tutorial for download\u00a0here\u00a0in PDF format First we need to get the packets we want. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[11],"tags":[23,33,35,37,51,73,100,76,77],"class_list":["post-316","post","type-post","status-publish","format-standard","hentry","category-knowledge","tag-asterisk","tag-digium","tag-elastix","tag-ethernet","tag-linux","tag-support","tag-technical","tag-voip","tag-xorcom"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p5daZy-56","jetpack_sharing_enabled":true,"jetpack_likes_enabled":false,"jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/www.cyber-cottage.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/316","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cyber-cottage.co.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cyber-cottage.co.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cyber-cottage.co.uk\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cyber-cottage.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=316"}],"version-history":[{"count":4,"href":"https:\/\/www.cyber-cottage.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/316\/revisions"}],"predecessor-version":[{"id":1369,"href":"https:\/\/www.cyber-cottage.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/316\/revisions\/1369"}],"wp:attachment":[{"href":"https:\/\/www.cyber-cottage.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=316"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cyber-cottage.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=316"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cyber-cottage.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=316"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}