Basic SIP message flows analysis tools
This post covers the basics of capturing and analyzing SIP message flows, for those who are beginners in VoIP.
Today's VoIP systems work in a client-server model: every SIP client that wants to initiate a call must communicate with the SIP server by sending and receiving a flow of SIP messages. In the real world, SIP clients are usually hard phones, and it is not simple to capture the SIP message flow on those clients. The best place to capture it is the SIP server, where you can easily install a variety of tools that make your work easier. Some popular tools are tcpdump, sngrep and wireshark.
sngrep
sngrep is the simplest and most powerful tool for capturing and analyzing SIP message flows, and it is the recommended tool for this job.
root@asterisk19:/etc/asterisk# sngrep 5060
Once sngrep has started, it displays every SIP message flow on the system as a separate thread. To view a flow's messages and SIP headers, simply navigate to that thread and press ENTER.
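The idea behind that per-thread view, as an added example that is not part of the original post or of sngrep's own code: messages sharing a Call-ID header are collected into one flow. Grouping by Call-ID is the assumption here, and the sample packets, addresses and helper names (`parse_message`, `group_flows`, `ladder`, `msg`) are constructed for illustration.

```python
import re

REQUEST = re.compile(r"^([A-Z]+) \S+ SIP/2\.0$")
RESPONSE = re.compile(r"^SIP/2\.0 (\d{3}) ?(.*)$")
COMPACT = {"i": "call-id", "f": "from", "t": "to", "v": "via"}  # RFC 3261 short names

def parse_message(raw):
    """Return (label, headers) for one SIP message, or None if it is not SIP."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")   # headers only, body dropped
    req, resp = REQUEST.match(lines[0]), RESPONSE.match(lines[0])
    if not (req or resp):
        return None                                     # e.g. a CRLF keep-alive
    label = req.group(1) if req else f"{resp.group(1)} {resp.group(2)}".strip()
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:                                         # skip malformed header lines
            key = name.strip().lower()                  # header names are case-insensitive
            headers.setdefault(COMPACT.get(key, key), value.strip())
    return label, headers

def group_flows(packets):
    """Group (src, dst, raw) tuples into flows keyed by Call-ID, in arrival order."""
    flows = {}
    for src, dst, raw in packets:
        parsed = parse_message(raw)
        if parsed and "call-id" in parsed[1]:
            flows.setdefault(parsed[1]["call-id"], []).append((src, dst, parsed[0]))
    return flows

def ladder(flow):  # one arrow per message, in the order captured
    return "\n".join(f"{src} --[{label}]--> {dst}" for src, dst, label in flow)

def msg(start, call_id, name="Call-ID"):  # hypothetical helper building a sample message
    return f"{start}\r\n{name}: {call_id}\r\nContent-Length: 0\r\n\r\n"

# Constructed sample traffic: addresses and Call-IDs are made up for this example.
PHONE, PBX = "10.0.0.11", "10.0.0.1"
SAMPLE = [
    (PHONE, PBX, msg("REGISTER sip:10.0.0.1 SIP/2.0", "reg-1")),
    (PHONE, PBX, msg("INVITE sip:200@10.0.0.1 SIP/2.0", "call-1")),
    (PBX, PHONE, msg("SIP/2.0 401 Unauthorized", "reg-1")),
    (PHONE, PBX, "\r\n\r\n"),                                   # keep-alive, not SIP
    (PBX, PHONE, msg("SIP/2.0 200 OK", "call-1", name="i")),    # compact header form
    (PHONE, PBX, msg("ACK sip:200@10.0.0.1 SIP/2.0", "call-1", name="call-id")),
]

if __name__ == "__main__":
    print("\n\n".join(f"== {c} ==\n{ladder(f)}" for c, f in group_flows(SAMPLE).items()))
```

The two interleaved dialogs come out as two separate ladders, while the keep-alive packet is ignored.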
tcpdump
A very simple command-line tool that can capture SIP message flows and save them to a file for later use, rather than for live analysis.
tcpdump -i any port 5060 -s 0 -w /tmp/filename.pcap
wireshark
A powerful but heavyweight tool. It is not recommended to install wireshark on a SIP server, but wireshark can be used to analyse SIP message flows in a .pcap file captured by tcpdump on the SIP server.