Troubleshooting and debugging VoIP SIP with the ngrep command

How to troubleshoot and debug VoIP SIP with the ngrep command

1. Before starting, you have to install the ngrep command on your system. You can find that guide on our site.

2. How to use ngrep to debug a VoIP SIP service.

2a. Sniffing port 5060 is the most common command

[root@uc ~]# ngrep -qt -W byline port 5060
interface: eth0 (192.168.0.0/255.255.255.0)
filter: (ip or ip6) and ( port 5060 )
T 2013/04/27 05:59:09.541776 192.168.0.200:52018 -> 192.168.0.114:5060 [A]
……
T 2013/04/27 05:59:09.541837 192.168.0.200:52018 -> 192.168.0.114:5060 [AP]
REGISTER sip:openuctest.com SIP/2.0.
Via: SIP/2.0/TCP 192.168.0.200:36752;branch=z9hG4bK-d8754z-95798a09824c9c00-1---d8754z-;rport.
Max-Forwards: 70.
Contact: <sip:200@192.168.0.200:36752;rinstance=85aa8608b85349aa;transport=TCP>.
To: "200"<sip:200@openuctest.com>.
From: "200"<sip:200@openuctest.com>;tag=745f025a.
Call-ID: N2E0NDg0NTdlYmFmNTY2NjM0NGNmOWNkNDE1YWM0YmE..
CSeq: 1 REGISTER.
Expires: 3600.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO.
Supported: replaces.
User-Agent: Bria Professional release 2.4 stamp 49381.
Content-Length: 0.
.
T 2013/04/27 05:59:10.478656 192.168.0.114:5060 -> 192.168.0.200:52018 [AP]
SIP/2.0 408 Request timeout.
From: "200"<sip:200@openuctest.com>;tag=745f025a.
To: "200"<sip:200@openuctest.com>;tag=VmNa8r.
Call-Id: N2E0NDg0NTdlYmFmNTY2NjM0NGNmOWNkNDE1YWM0YmE..
Cseq: 1 REGISTER.
Via: SIP/2.0/TCP 192.168.0.200:36752;branch=z9hG4bK-d8754z-95798a09824c9c00-1---d8754z-;rport=52018.
Server: sipXecs/4.6.0 sipXecs/sipXproxy (Linux).
Content-Length: 0.
.
T 2013/04/27 05:59:10.678860 192.168.0.200:52018 -> 192.168.0.114:5060 [A]
……
^C[root@uc ~]#

2b. Sniff and filter by IP address 192.168.0.200

[root@uc ~]# ngrep -qt 192.168.0.200 -W byline port 5060
interface: eth0 (192.168.0.0/255.255.255.0)
filter: (ip or ip6) and ( port 5060 )
match: 192.168.0.200
T 2013/04/27 06:01:19.031796 192.168.0.200:52030 -> 192.168.0.114:5060 [AP]
REGISTER sip:openuctest.com SIP/2.0.
Via: SIP/2.0/TCP 192.168.0.200:8384;branch=z9hG4bK-d8754z-7b2b87157936f42c-1---d8754z-;rport.
Max-Forwards: 70.
Contact: <sip:200@192.168.0.200:8384;rinstance=7d9c5ddd0c6a8218;transport=TCP>.
To: "200"<sip:200@openuctest.com>.
From: "200"<sip:200@openuctest.com>;tag=4f058e34.
Call-ID: MTIxNjZlZjZjNGM2MmJjNjdiMTgxNTljNmZiYTE3ZTU..
CSeq: 1 REGISTER.
Expires: 3600.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO.
Supported: replaces.
User-Agent: Bria Professional release 2.4 stamp 49381.
Content-Length: 0.
.
T 2013/04/27 06:01:19.167241 192.168.0.114:5060 -> 192.168.0.200:52030 [AP]
SIP/2.0 408 Request timeout.
From: "200"<sip:200@openuctest.com>;tag=4f058e34.
To: "200"<sip:200@openuctest.com>;tag=cmZzCe.
Call-Id: MTIxNjZlZjZjNGM2MmJjNjdiMTgxNTljNmZiYTE3ZTU..
Cseq: 1 REGISTER.
Via: SIP/2.0/TCP 192.168.0.200:8384;branch=z9hG4bK-d8754z-7b2b87157936f42c-1---d8754z-;rport=52030.
Server: sipXecs/4.6.0 sipXecs/sipXproxy (Linux).
Content-Length: 0.

2c. Sniff one extension or DDI with ngrep

[root@uc ~]# ngrep -qt 44293827364 -W byline port 5060
interface: eth0 (192.168.0.0/255.255.255.0)
filter: (ip or ip6) and ( port 5060 )
match: 44293827364
T 2013/04/27 06:13:22.918537 192.168.0.200:52110 -> 192.168.0.114:5060 [AP]
REGISTER sip:openuctest.com SIP/2.0.
Via: SIP/2.0/TCP 192.168.0.200:51725;branch=z9hG4bK-d8754z-690ed92bf80e6037-2---d8754z-;rport.
Max-Forwards: 70.
Contact: <sip:44293827364@192.168.0.200:51725;rinstance=85f345bc05f0b36a;transport=TCP>.
To: "44293827364"<sip:44293827364@openuctest.com>.
From: "44293827364"<sip:44293827364@openuctest.com>;tag=37604a19.
Call-ID: N2M1Zjk1MTRiMzZkMjMyYTI2YjQzYjYyYjNiOTQyYTQ..
CSeq: 1 REGISTER.
Expires: 3600.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO.
Supported: replaces.
User-Agent: Bria Professional release 2.4 stamp 49381.
Content-Length: 0.
.
T 2013/04/27 06:13:25.486847 192.168.0.114:5060 -> 192.168.0.200:52110 [AP]
SIP/2.0 408 Request timeout.
From: "44293827364"<sip:44293827364@openuctest.com>;tag=37604a19.
To: "44293827364"<sip:44293827364@openuctest.com>;tag=SrLIMo.
Call-Id: N2M1Zjk1MTRiMzZkMjMyYTI2YjQzYjYyYjNiOTQyYTQ..
Cseq: 1 REGISTER.
Via: SIP/2.0/TCP 192.168.0.200:51725;branch=z9hG4bK-d8754z-690ed92bf80e6037-2---d8754z-;rport=52110.
Server: sipXecs/4.6.0 sipXecs/sipXproxy (Linux).
Content-Length: 0.

2d. Sniff and export to a file.

[root@uc ~]# ngrep -qt -W byline port 5060 > sipdebug
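
An added example (not part of the original post): a Python script that reads a capture saved as in 2d and pairs each SIP request with its final response by Call-ID and CSeq, returning the method, source, status code and response delay. The function names and the embedded sample are constructed for illustration; the sample is modelled on the REGISTER/408 exchange in 2a.

```python
import re
from datetime import datetime
# Header line `ngrep -qt` prints per packet: protocol, timestamp, source, destination.
HDR = re.compile(r"^([TU]) (\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+) (\S+) -> (\S+)")
# Constructed sample modelled on the REGISTER/408 exchange in section 2a.
SAMPLE = """\
T 2013/04/27 05:59:09.541837 192.168.0.200:52018 -> 192.168.0.114:5060 [AP]
REGISTER sip:openuctest.com SIP/2.0.
Call-ID: N2E0NDg0NTdlYmFmNTY2NjM0NGNmOWNkNDE1YWM0YmE..
CSeq: 1 REGISTER.
.
T 2013/04/27 05:59:10.478656 192.168.0.114:5060 -> 192.168.0.200:52018 [AP]
SIP/2.0 408 Request timeout.
Call-Id: N2E0NDg0NTdlYmFmNTY2NjM0NGNmOWNkNDE1YWM0YmE..
Cseq: 1 REGISTER.
.
"""

def parse_messages(text):
    """Split `-W byline` output into dicts: time, src, dst, start line, headers."""
    msgs, cur = [], None
    for raw in text.splitlines():
        m = HDR.match(raw)
        if m:
            ts = datetime.strptime(m.group(2), "%Y/%m/%d %H:%M:%S.%f")
            cur = {"time": ts, "src": m.group(3), "dst": m.group(4), "start": None, "hdr": {}}
            msgs.append(cur)
        elif cur is not None and raw.endswith("."):  # "." is how ngrep prints the CR
            line = raw[:-1]  # drop exactly one "." so a Call-ID ending in "." survives
            if cur["start"] is None:
                cur["start"] = line or None
            elif ":" in line:
                name, value = line.split(":", 1)
                cur["hdr"][name.strip().lower()] = value.strip()  # names are case-insensitive
    return [x for x in msgs if x["start"]]  # skip packets with no SIP payload (bare ACKs)

def summarize(text):
    """Pair each request with its final response; rows are (method, src, code, seconds)."""
    pending, rows = {}, []
    for m in parse_messages(text):
        key = (m["hdr"].get("call-id"), m["hdr"].get("cseq"))
        if not m["start"].startswith("SIP/2.0 "):
            pending[key] = m  # a request: remember it until its response arrives
            continue
        code = int(m["start"].split()[1])
        req = pending.pop(key, None) if code >= 200 else None  # ignore 1xx provisional
        if req:
            rows.append((req["start"].split()[0], req["src"], code,
                         round((m["time"] - req["time"]).total_seconds(), 6)))
    return rows
```

To run it on a real capture, pass the contents of the `sipdebug` file to `summarize()`.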

2e. Sniff only the SIP methods we want (REGISTER, INVITE, BYE…)

[root@uc ~]# ngrep -W byline -d eth0 INVITE
[root@uc ~]# ngrep -W byline -d eth0 REGISTER

2f. Sniff SIP signaling on the interface we want

[root@uc ~]# ngrep -d eth0 -qt -W byline port 5060
interface: eth0 (192.168.0.0/255.255.255.0)
filter: (ip or ip6) and ( port 5060 )

That’s all. Thanks for using IThelpblog.com
