How To: Asterisk SIP or VOIP Debug and TCPDump w/ Ngrep Tutorial

by Jon on February 22nd, 2011

SIP debugging is a popular topic these days with so many VOIP implementations in use. Troubleshooting and fixing a problem with a VOIP system often involves SIP debugging. There are a few ways to get the output you need to resolve the problem quickly. Here are a couple of methods that can be very helpful.

1. The first method is invoked directly from the Asterisk command line interface and lets you watch the output of the calls.

asterisk -r
sip set debug peer outbound-peer

This method generates the SIP debug output for the specified peer, “outbound-peer”. To get a list of the peers, run the Asterisk CLI command below:

sip show peers
2501                       (Unspecified)    D   N      0        Unmonitored
outbound-peer             XXX.XXX.XXX.3                5060     Unmonitored
38 sip peers [Monitored: 0 online, 0 offline Unmonitored: 16 online, 22 offline]

2. The second method that works well is using ngrep to print the packets in real time on the console, so you can pinpoint a problem with a specific IP address or provider. To use ngrep you will need the IP address or domain name and the port of the provider you are trying to watch.

First you will need to install ngrep. Do this with the following list of commands.

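# assumes ngrep-1.45.tar.bz2 has already been downloaded into /usr/src
cd /usr/src
tar jxf ngrep-1.45.tar.bz2
cd ngrep-1.45
# generate the Makefile, build, then install (install needs root)
./configure
make
make install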

Now that ngrep is installed it is ready to use. Here is an example of watching the output live on the console, showing the command and what the output looks like. To stop the command use “control + c.”

ngrep port 5060
interface: eth0 (XXX.XXX.XXX.XXX/
filter: (ip) and ( port 5060 )
U XXX.XXX.XXX.194:5060 -> XXX.XXX.XXX.162:5060
  SIP/2.0 180 Ringing..v: SIP/2.0/UDP XXX.XXX.XXX.162:5060;branch=z9hG4bK4d49b6
  7d;rport=5060..t: ;tag=vr0
  8a00da2s..f: "2512" ;tag=as737e6f1
  f..m: ..i: 0ff2e8392da0e9c57b1e22b76a68 102 INVITE..Allow: INVITE,ACK,
  .PD: 018839....

If you are troubleshooting an IP address that gets a lot of traffic and watching it on the console is not practical, logging to a file is as simple as using the shell's “>” redirection, so you can view the contents later instead of in real time. An example is below. Again use “control + c” to stop the logging.

ngrep port 5060 > /usr/src/ngrep-test-output.txt
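
To review a saved capture like the one above without reading it packet by packet, the following added example (not from the original post) counts SIP requests and responses per direction. It assumes ngrep's default layout as shown earlier (a “U src:port -> dst:port” header followed by the indented payload); the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: count SIP requests and responses per direction in an ngrep log.
# Assumes default ngrep layout: "U src:port -> dst:port", then indented payload.
sip_summary() {
    # Reads the file(s) given as arguments, or stdin when none are given.
    awk '
        # Packet header line: U (UDP) or T (TCP), source, "->", destination
        /^[UT] / && $3 == "->" {
            src = $2; dst = $4
            sub(/:[0-9]+$/, "", src); sub(/:[0-9]+$/, "", dst)
            want = 1; next
        }
        # The first payload line after a header holds the SIP start line
        want {
            want = 0
            if ($1 == "SIP/2.0" && $2 ~ /^[0-9][0-9][0-9]$/) {
                what = $2                  # response: status code
            } else if ($1 ~ /^[A-Z]+$/ && $2 ~ /^(sips?|tel):/) {
                what = $1                  # request: method name
            } else {
                next                       # not a SIP start line, skip packet
            }
            count[src " -> " dst " " what]++
        }
        END { for (k in count) printf "%d %s\n", count[k], k }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample capture (documentation addresses, not real traffic)
sample_log() {
    cat <<'EOF'
#
U 192.0.2.10:5060 -> 198.51.100.20:5060
  INVITE sip:2512@198.51.100.20 SIP/2.0..Via: SIP/2.0/UDP 192.0.2.10:5060;bra
  nch=z9hG4bKexample1..
#
U 198.51.100.20:5060 -> 192.0.2.10:5060
  SIP/2.0 180 Ringing..Via: SIP/2.0/UDP 192.0.2.10:5060..
#
U 192.0.2.10:5060 -> 198.51.100.20:5060
  INVITE sip:2512@198.51.100.20 SIP/2.0..Via: SIP/2.0/UDP 192.0.2.10:5060..
#
U 198.51.100.20:5060 -> 192.0.2.10:5060
  SIP/2.0 403 Forbidden..Via: SIP/2.0/UDP 192.0.2.10:5060..
EOF
}

sample_log | sip_summary
```

With the function loaded in your shell, sip_summary /usr/src/ngrep-test-output.txt summarises the file written by the command above.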

This should get you started with debugging SIP problems; you can also apply the same approach to HTTP or any other protocol that you use. If you have any questions leave a comment below and I will answer it for you.

One Comment
  1. Excellent article, thanks for sharing, buddy :)
