Troubleshooting SIP Service with ngrep

If you use VoIP (Voice over IP), at some point you will have to troubleshoot the call flow to find where a problem is. There are many tools you can use. Teaching you exactly how to use a protocol analyzer is beyond the scope of this material; however, we will give you some tips on analyzing SIP and RTP packets. Bear in mind these tools can do much more than what I illustrate here. I will be using these tools just to capture VoIP traffic.

The most commonly used tools are: ngrep, Wireshark, tcpdump.

Ngrep:
We often use ngrep to monitor our VoIP services, because it is very simple and light. If you don’t have it installed, you can download it from these links:
http://yum.trixbox.org/centos/5/old/repodata/repoview/ngrep-0-1.45-1.el5.rf.html
http://yum.trixbox.org/centos/5/old/ngrep-1.45-1.el5.rf.i386.rpm

This command captures everything on the SIP port (ngrep can capture any network activity, but I am using it for VoIP on SIP) and dumps the data to the screen. It is the easiest way to see how your system is interacting with your vendor or client.
See all SIP traffic on your system:

ngrep port 5060

If you want to filter the traffic based on phone number
ngrep '9498859944' port 5060

If you want to filter traffic based on IP address
ngrep 'IPAddress' port 5060
Example
ngrep '209.201.2.255' port 5060

Other important options
-t     Print a timestamp in the form of YYYY/MM/DD
-T     Print a timestamp in the form of +S.UUUUUU, indicating the delta between packet matches.
Example
ngrep -t '9498859944' port 5060
ngrep -T '9498859944' port 5060

As I said, there are a lot more options; read the man page (man ngrep). But this is good enough to see the call flow on your system.
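Raw ngrep output gets long on a busy system. The script below is an added example, not part of the original article: it condenses ngrep output into one line per SIP message (time, source, destination, request or status line, Call-ID) so the call flow is easy to follow. It assumes ngrep was run with -t and -W byline; the function names and the sample capture are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ngrep -q -t -W byline` output (documentation IPs, made-up Call-ID).
sample_capture() {
cat <<'EOF'
U 2024/03/01 10:15:02.120001 192.0.2.10:5060 -> 198.51.100.20:5060
INVITE sip:9498859944@198.51.100.20 SIP/2.0.
Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK-1.
Call-ID: abc123@192.0.2.10.
CSeq: 1 INVITE.
.

U 2024/03/01 10:15:02.180440 198.51.100.20:5060 -> 192.0.2.10:5060
SIP/2.0 100 Trying.
Call-ID: abc123@192.0.2.10.
CSeq: 1 INVITE.
.

U 2024/03/01 10:15:04.902113 198.51.100.20:5060 -> 192.0.2.10:5060
SIP/2.0 486 Busy Here.
Call-ID: abc123@192.0.2.10.
CSeq: 1 INVITE.
.
EOF
}

# Read ngrep output on stdin and print one summary line per SIP message.
# Relies on the -t header layout: proto, date, time, source, "->", destination.
sip_flow() {
    awk '
    function emit() {
        if (first != "") printf "%s %s -> %s | %s | %s\n", ts, src, dst, first, callid
        first = ""; callid = "-"
    }
    # Packet header line starts a new message.
    ($1 == "U" || $1 == "T") && $5 == "->" {
        emit(); ts = $3; src = $4; dst = $6; want = 1; next
    }
    { sub(/\.$/, "") }                      # byline mode shows the trailing CR as "."
    want && $0 != "" { first = $0; want = 0; next }   # request or status line
    tolower($1) == "call-id:" || $1 == "i:" { callid = $2 }   # "i:" is the compact form
    END { emit() }
    '
}

# Live use (-l keeps ngrep's output line buffered when piped):
#   ngrep -l -q -t -W byline '9498859944' port 5060 | sip_flow
sample_capture | sip_flow
```

On the sample this shows the INVITE, the 100 Trying and the 486 Busy Here with the same Call-ID, which is the kind of ladder you want when checking where a call failed.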

VoIP Provider,
www.didforsale.com