Emulate your network interface bandwidth in both directions:
tc qdisc add dev venet0 handle 1: root htb default 11
tc class add dev venet0 parent 1: classid 1:1 htb rate 1kbps
tc class add dev venet0 parent 1:1 classid 1:11 htb rate 1kbps
Show rules:
tc -d qdisc
tc -s qdisc
Delete certain rule and all rules respectively:
tc class del dev venet0 parent 1:1 classid 1:11 htb rate 1kbps
tc qdisc del dev venet0 root
Need to run tcpdump at night writing to a pcap file? Not a problem with a crond.
Need to stop it after 10 minutes? One more crond task initiating something like ‘ps aux | grep [t]cpd’, parsing it PID and killing it? No!
timeout 10m tcpdump -v -pnni eth0 udp src port 5060 and dst port 5060 and host 10.11.7.1 -w pbx_`date +%F_%H-%M`.pcap
timeout – a nice GNU coreutil.
Let’s say you need to catch INVITEs only. In this case do:
ngrep -q -W byline -d eth0 INVITE\ sip
‘-W byline’ means to print each SIP packet in readable text mode, line by line
‘-q’ means to be quiet, not to print packet reception hash marks. Without this option your screen will fill up with ###### signs between captured types of packets.
‘-d eth0’ it’s clear
‘INVITE\ sip’ means show INVITEs only. Be careful: if you type ‘INVITE’ word only, you’ll catch nearly every SIP packet, as not only INVITE requests contain the word ‘INVITE’. For example a reply for OPTION request also contains this word among allowed mwthods described in the ‘Allow:’ header field.
And each INVITE request has a request-line like
INVITE sip:123@dmn.co...
I mean starting with ‘INVITE’ word, following space and following ‘sip’ word.
