I need to capture SIP and RTP traffic to find a problem with something. I can capture SIP messages fine but am having a problem with capturing the RTP traffic.
I've tried the following but this is only getting out the SIP packages and no RTP.
tcpdump -T rtp -vvv src -s 1500 -i any -w /home/lantrace_test2.pcap port 5060
The other way I was thinking of doing it is, as RTP uses a range of UDP ports, capturing the range that we are using for the RTP traffic, but I can't find a way of capturing a range of ports, so I'm not sure if tcpdump supports port ranges for capture.
Thanks for any help you can provide.
Capturing only SIP traffic using tcpdump:
-s = how many bytes of data to grab from each packet; zero means use the required length to catch whole packets.
port = what port to listen to; 5060 is the default port for SIP.
-vvv = even more verbose output; this will give you as many details as possible.
tcpdump filter packets: capture all the packets other than ARP and RARP.
Your SIP traffic runs over 5060, as you know, but the port on which to sniff RTP is described by the SDP bodies of the SIP messages. In other words, there's no way to know on which ports to sniff until the offer/answer exchange has completed.
If you know something about the user agents involved, then you could try tricks like capturing traffic on a range of ports. (Something like tcpdump -n dst portrange 10000-11000, for instance.)
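To make the SDP point concrete, here is an added example (not part of the original answers) that reads the c= and m= lines from a captured SIP message and builds a tcpdump filter covering SIP plus the negotiated RTP stream. The function names and the sample INVITE are constructed for illustration, and RTCP on the RTP port plus one is assumed as the usual convention.

```python
import re

# Constructed sample: a SIP INVITE carrying an SDP offer (not from the post).
SAMPLE_INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 192.0.2.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 10500 RTP/AVP 0 8\r\n"
    "a=rtpmap:0 PCMU/8000\r\n"
    "m=video 0 RTP/AVP 96\r\n"
)


def rtp_endpoints(sip_message):
    """Return [(media, ip, port)] for each active m= line in the SDP body."""
    body = sip_message.replace("\r\n", "\n").partition("\n\n")[2]
    session_ip, streams = None, []
    for line in body.splitlines():
        c = re.match(r"c=IN IP[46] ([^\s/]+)", line)  # drop any /ttl suffix
        m = re.match(r"m=(\w+) (\d+)", line)
        if m:
            streams.append([m.group(1), None, int(m.group(2))])
        elif c and streams:
            streams[-1][1] = c.group(1)   # media-level c= overrides session
        elif c:
            session_ip = c.group(1)       # session-level c= is the default
    # Port 0 marks a disabled or rejected stream, so it is skipped.
    return [(k, ip or session_ip, p) for k, ip, p in streams if p != 0]


def capture_filter(endpoints, sip_port=5060):
    """Build a pcap filter: SIP signalling plus each RTP/RTCP port pair."""
    parts = [f"port {sip_port}"]
    for _, ip, port in endpoints:
        ports = f"udp portrange {port}-{port + 1}"  # assumed: RTCP = RTP + 1
        parts.append(f"(host {ip} and {ports})" if ip else f"({ports})")
    return " or ".join(parts)


if __name__ == "__main__":
    print(capture_filter(rtp_endpoints(SAMPLE_INVITE)))
```

Each side advertises only the address and port where it wants to receive media, so the SDP in both the offer and the answer has to be parsed to cover both directions of the call.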