Ask Your Question
0

capture sip calls with dumpcap

asked 2023-08-27 12:35:30 +0000

dtwizer1992 gravatar image

updated 2023-08-27 12:36:19 +0000

hello everyone , i usually use this dumpcap to capture sip calls if is there any voice problems ;

dumpcap.exe -b files:100 -b filesize:150000 -w d:\wrlog\hak.cap -i1

Is there any way to be more specific and include only sip calls ,rtp and udp ports ?

i have a lot of useless details on this files .

thanks a lot

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2023-08-27 12:55:06 +0000

Chuckc gravatar image

updated 2023-08-27 13:16:07 +0000

Wiki page: Real-time Transport Protocol (RTP)

If using the standard sip port (sip 5060/tcp/udp/sctp # SIP), add a capture filter (-f "port 5060") to dumpcap.

To include rtp it would help to know the port range being used:
-f "portrange 6970-6999 or port 5060"

(Capture filter syntax: pcap-filter.7)

edit flag offensive delete link more

Comments

hey thanks but if i filter only for "port 5060" i miss rtp . i want to see full trace of sip call includin voice

dtwizer1992 gravatar imagedtwizer1992 ( 2023-08-27 13:11:30 +0000 )edit

Answer updated to include rtp.

Chuckc gravatar imageChuckc ( 2023-08-27 13:16:58 +0000 )edit

and if my callcenter use port range of 49000-49999 for rtp but my PBX use port range of 2000-5000 ? should i must put a range of 2000-49999 ?

dtwizer1992 gravatar imagedtwizer1992 ( 2023-08-27 13:40:41 +0000 )edit

-f "portrange 49000-49999 or portrange 2000-5000 or port 5060"

Chuckc gravatar imageChuckc ( 2023-08-27 18:06:30 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2023-08-27 12:35:30 +0000

Seen: 165 times

Last updated: Aug 27 '23