Archive for May 18th, 2017

Linux: run a command with a time limit

Thursday, May 18th, 2017

Need to run tcpdump at night writing to a pcap file? Not a problem with a crond.
Need to stop it after 10 minutes? One more crond task initiating something like ‘ps aux | grep [t]cpd’, parsing it PID and killing it? No!

timeout 10m tcpdump -v -pnni eth0 udp src port 5060 and dst port 5060 and host -w pbx_`date +%F_%H-%M`.pcap

timeout – a nice GNU coreutil.

SIP debugging: catch only certain types of messages

Thursday, May 18th, 2017

Let’s say you need to catch INVITEs only. In this case do:
ngrep -q -W byline -d eth0 INVITE\ sip

‘-W byline’ means to print each SIP packet in readable text mode, line by line
‘-q’ means to be quiet, not to print packet reception hash marks. Without this option your screen will fill up with ###### signs between captured types of packets.
‘-d eth0’ it’s clear
‘INVITE\ sip’ means show INVITEs only. Be careful: if you type ‘INVITE’ word only, you’ll catch nearly every SIP packet, as not only INVITE requests contain the word ‘INVITE’. For example a reply for OPTION request also contains this word among allowed mwthods described in the ‘Allow:’ header field.

And each INVITE request has a request-line like
I mean starting with ‘INVITE’ word, following space and following ‘sip’ word.