Sngrep is a powerful yet user-friendly open source tool for monitoring and debugging SIP (Session Initiation Protocol) traffic in real time. It allows users to capture and analyze SIP packets, view call details, and troubleshoot issues with VoIP (Voice over Internet Protocol) calls. It can also analyze saved traffic traces. Configuring Sngrep is essential to maximize its capabilities and tailor it to your needs. In this blog post, we’ll explore how to configure Sngrep using the reference page provided on GitHub.
Step 1: Install Sngrep
Before we delve into the configuration, we need to install Sngrep. Sngrep is available for various operating systems, including Linux, macOS, and FreeBSD. You can install Sngrep using the following command in the terminal:
sudo apt install -y sngrep # Debian/Ubuntu
brew install sngrep # macOS
A complete list of instructions for other OS can be found here.
Step 2: Configure Sngrep Options
Sngrep offers various configuration options that you can tailor to meet your needs. The configuration file is located at /etc/sngrep/sngreprc, and you can edit it using your preferred text editor.
Some of the key options that you might want to configure include:
- pcap_interface: Specifies the network interface to use for capturing SIP packets.
- pcap_filter: Defines the filter to apply to the captured packets to limit the traffic to SIP packets only.
- log_file: Specifies the file to which Sngrep will write its logs.
- log_level: Defines the logging level. The available options are debug, info, warning, error, and critical.
You can find the full list of configuration options and their descriptions on the Sngrep GitHub reference page here.
Step 3: Customize Sngrep Display
Sngrep’s default display can be overwhelming, with an abundance of information displayed on the screen. Fortunately, you can customize the display to show only the information that you need.
The display options are located at the bottom of the sngreprc configuration file. Some of the key display options that you might want to customize include:
- call_info: Specifies the call information to display, such as call ID, source, and destination.
- columns: Defines the columns to display, such as timestamp, SIP method, and SIP status code.
- color_scheme: Defines the color scheme for the display.
You can find the full list of display options and their descriptions on the Sngrep GitHub reference page here.
Step 4: Use Sngrep
Once you have configured Sngrep to your liking, you can start using it to capture and analyze SIP traffic. To launch Sngrep, simply open a terminal and type “sudo sngrep”. Sngrep will start capturing and displaying SIP packets in real time.
To filter the captured packets, you can use the search box at the top of the Sngrep display. You can filter packets by various criteria, such as call ID, source, and destination.
Here are some useful commands to capture calls:
sudo sngrep # Capture all SIP traffic
sudo sngrep -c # Only capture calls
sudo sngrep test # Capture SIP traffic containing the string 'test' in the SIP Request (e.g., caller From header user part contains string 'test')
sudo sngrep -I test.pcap # Open a locally saved trace
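To make the effect of `-c` and of a match expression such as `test` concrete, here is an added Python example (not sngrep's code and not from the original post) that groups constructed SIP messages into dialogs by Call-ID and applies both filters. The names `msg`, `parse` and `build_dialogs` are hypothetical, and the rule that only a request opens a dialog is a simplifying assumption.

```python
import re

def msg(start, user, call_id, cid_header="Call-ID"):
    """Build a minimal SIP message (constructed sample, most headers omitted)."""
    return (f"{start}\r\nFrom: <sip:{user}@example.com>\r\n"
            f"{cid_header}: {call_id}\r\n\r\n")

# Constructed traffic, in arrival order. "i" is the compact form of Call-ID.
SAMPLE = [
    msg("INVITE sip:bob@example.com SIP/2.0", "test01", "call-1"),
    msg("REGISTER sip:example.com SIP/2.0", "alice", "reg-1", "i"),
    msg("SIP/2.0 180 Ringing", "test01", "call-1"),
    msg("SIP/2.0 200 OK", "alice", "reg-1", "i"),
    msg("INVITE sip:dave@example.com SIP/2.0", "carol", "call-2"),
    msg("BYE sip:caller@192.0.2.10 SIP/2.0", "bob", "call-1"),
]

def parse(raw):
    """Return (label, call_id, is_request), or None when no Call-ID is present."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    first, _, rest = lines[0].partition(" ")
    is_request = not first.startswith("SIP/")
    label = first if is_request else rest      # method, or "180 Ringing"
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() in ("call-id", "i"):
            return label, value.strip(), is_request
    return None

def build_dialogs(messages, calls_only=False, match=None):
    """Group messages by Call-ID, modelling `-c` and a match expression."""
    dialogs = {}
    for raw in messages:
        parsed = parse(raw)
        if parsed is None:
            continue                            # not SIP, or malformed
        label, call_id, is_request = parsed
        if call_id not in dialogs:
            # Assumption: only a request that passes the filters opens a dialog.
            if not is_request:
                continue
            if calls_only and label != "INVITE":
                continue
            if match and not re.search(match, raw):
                continue
            dialogs[call_id] = []
        dialogs[call_id].append(label)          # later messages ride along
    return dialogs
```

With `match="test"`, the BYE from `bob` is still kept even though it does not contain the string, because it belongs to a dialog whose opening request matched.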
Sngrep provides several shortcuts at the bottom of the screen, as shown below:

Some of the common shortcuts are given below:
- F2: Save the captured trace.
- Space bar: Select the call legs.
- Enter: Show the call legs in a ladder diagram.
- F7: Filter the methods that are displayed on the screen.
- Arrow keys: Move up and down the list.
One of the fun features of Sngrep is the ability to view the RTP packets of a call. To view the RTP streams, follow these steps:
- Start Sngrep to begin capturing SIP packets.
- In the Sngrep interface, select all the call legs related to the call you’re interested in. You can do this by navigating with the arrow keys and pressing the space bar to select each call leg.
- Press Enter to view the selected call legs. This will bring up a ladder diagram showing the SIP message flow for the selected call legs.
- Press F3 to switch to the RTP stream view. This will show you the RTP packets associated with the call.
Pro Tip: Comparing SIP Messages Side-by-Side in Sngrep.
How to Do It:
- Open sngrep and go to the SIP flow you’re interested in.
- Highlight the first SIP message and hit the space bar to select it.
- Do the same for the second SIP message.
Result: Both messages will appear side-by-side for easy comparison as shown below.

Conclusion: Sngrep is a powerful and easy-to-use tool for monitoring and debugging SIP traffic. Configuring Sngrep is essential to maximize its capabilities and tailor it to your needs. In this blog post, we have explored how to configure Sngrep using the reference page provided on GitHub. By following these steps, you can set up Sngrep to capture and analyze SIP traffic in real-time, troubleshoot issues with VoIP calls, and customize the display to show only the information that you need.
Akash Gupta
Senior VoIP Engineer and AI Enthusiast
