{"id":1045,"date":"2017-05-18T19:21:55","date_gmt":"2017-05-18T14:21:55","guid":{"rendered":"http:\/\/alexeyka.zantsev.com\/?p=1045"},"modified":"2021-02-28T01:38:52","modified_gmt":"2021-02-27T20:38:52","slug":"sip-debugging-catch-only-certain-types-of-messages","status":"publish","type":"post","link":"https:\/\/alexeyka.zantsev.com\/?p=1045","title":{"rendered":"SIP debugging: catch only certain types of messages"},"content":{"rendered":"<p>Let&#8217;s say you need to catch INVITEs only. In this case do:<br \/>\n<code>ngrep -q -W byline -d eth0 INVITE\\ sip<\/code><\/p>\n<p>&#8216;-W byline&#8217; means to print each SIP packet in readable text mode, line by line<br \/>\n&#8216;-q&#8217; means to be quiet, not to print packet reception hash marks. Without this option your screen will fill up with ###### signs between captured types of packets.<br \/>\n&#8216;-d eth0&#8217; it&#8217;s clear<br \/>\n&#8216;INVITE\\ sip&#8217; means show INVITEs only. Be careful: if you type &#8216;INVITE&#8217; word only, you&#8217;ll catch nearly every SIP packet, as not only INVITE requests contain the word &#8216;INVITE&#8217;. For example a reply for OPTION request also contains this word among allowed mwthods described in the &#8216;Allow:&#8217; header field.<\/p>\n<p>And each INVITE request has a request-line like<br \/>\n<code>INVITE sip:123@dmn.co...<\/code><br \/>\nI mean starting with &#8216;INVITE&#8217; word, following space and following &#8216;sip&#8217; word.<\/p>\n<p><a href=\"https:\/\/alexeyka.zantsev.com\/wp-content\/uploads\/2017\/05\/ngrep_invite.png\"><img loading=\"lazy\" decoding=\"async\" width=\"739\" height=\"472\" class=\"aligncenter size-full wp-image-1049\" src=\"http:\/\/alexeyka.zantsev.com\/wp-content\/uploads\/2017\/05\/ngrep_invite.png\" alt=\"\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Let&#8217;s say you need to catch INVITEs only. In this case do: ngrep -q -W byline -d eth0 INVITE\\ sip &#8216;-W byline&#8217; means to print each SIP packet in readable text mode, line by line &#8216;-q&#8217; means to be quiet, not to print packet reception hash marks. Without this option your screen will fill up [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[218,88],"class_list":["post-1045","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-ngrep","tag-sip"],"_links":{"self":[{"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=\/wp\/v2\/posts\/1045","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1045"}],"version-history":[{"count":8,"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=\/wp\/v2\/posts\/1045\/revisions"}],"predecessor-version":[{"id":3657,"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=\/wp\/v2\/posts\/1045\/revisions\/3657"}],"wp:attachment":[{"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1045"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1045"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1045"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}