Linux command

sngrep command

After copying, replace file names, directories, or parameters as needed.

Common examples

Capture SIP traffic

sngrep

Capture on interface

sngrep -d [eth0]

Read from pcap

sngrep -I [capture.pcap]

Show only INVITE dialogs

sngrep -c

Capture to file

sngrep -O [output.pcap]

Filter by IP using BPF

sngrep host [192.168.1.100]

Capture to a file without the interactive interface

sngrep -N -q -O [output.pcap]

Description

sngrep is a terminal-based tool for capturing and analyzing SIP (Session Initiation Protocol) traffic used in VoIP systems. It provides an interactive ncurses interface that displays active SIP dialogs, call flow diagrams with directional arrows, and full message content including headers and body. The tool captures SIP packets in real time from network interfaces or reads previously captured pcap files for offline analysis. Filters narrow results by SIP method, source or destination address, and custom BPF expressions. Captured traffic can be saved to pcap format for later review or sharing with other analysis tools. Call flow visualization is the tool's standout feature, showing the sequence of SIP messages (INVITE, 200 OK, ACK, BYE) between endpoints with timing information. This makes it particularly effective for diagnosing VoIP call setup failures, registration problems, and codec negotiation issues.
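The dialog grouping and call flow view described above can be illustrated with a short script. This is an added example, not sngrep's own code: the sample packets, addresses, Call-ID values and all function names are constructed for illustration, and only the start line and Call-ID header are parsed.

```python
import re

# Constructed sample packets (timestamp, src, dst, raw SIP text); not real traffic.
def _msg(start, call_id, hdr="Call-ID"):
    return f"{start}\r\n{hdr}: {call_id}\r\nContent-Length: 0\r\n\r\n"

A, B = "192.168.1.100:5060", "192.168.1.1:5060"
SAMPLE = [
    (0.00, A, B, _msg("REGISTER sip:example.test SIP/2.0", "reg-1")),
    (1.00, A, B, _msg("INVITE sip:bob@example.test SIP/2.0", "call-1")),
    (1.05, B, A, _msg("SIP/2.0 180 Ringing", "call-1")),
    (3.20, B, A, _msg("SIP/2.0 200 OK", "call-1")),
    (3.21, A, B, _msg("ACK sip:bob@example.test SIP/2.0", "call-1")),
    (4.00, A, B, _msg("INVITE sip:carol@example.test SIP/2.0", "call-2", hdr="i")),
    (4.03, B, A, _msg("SIP/2.0 486 Busy Here", "call-2", hdr="i")),
    (4.04, A, B, _msg("ACK sip:carol@example.test SIP/2.0", "call-2", hdr="i")),
    (9.50, B, A, _msg("BYE sip:alice@example.test SIP/2.0", "call-1")),
]
CALL_ID = re.compile(r"^(?:Call-ID|i)[ \t]*:[ \t]*(\S+)", re.I | re.M)  # "i" is the compact form

def label(raw):
    """Request method, or 'code reason' for a response, taken from the start line."""
    first = raw.split("\r\n", 1)[0]
    return first[8:] if first.startswith("SIP/2.0 ") else first.split(" ", 1)[0]

def group_dialogs(packets):
    """Group messages by Call-ID in time order, so interleaved calls are separated."""
    dialogs = {}
    for ts, src, dst, raw in sorted(packets, key=lambda p: p[0]):
        m = CALL_ID.search(raw)
        if m:  # messages without a Call-ID cannot be assigned to a dialog
            dialogs.setdefault(m.group(1), []).append((ts, src, dst, label(raw)))
    return dialogs

def invite_only(dialogs):
    """Keep only dialogs whose first message is an INVITE (the view -c gives)."""
    return {cid: msgs for cid, msgs in dialogs.items() if msgs[0][3] == "INVITE"}

def ladder(msgs):
    """Render one dialog as arrows relative to the caller, with time offsets."""
    t0, left = msgs[0][0], msgs[0][1]
    return [f"+{ts - t0:6.3f}s  " + (f"--- {t} -->" if src == left else f"<-- {t} ---")
            for ts, src, _, t in msgs]

def outcome(msgs):
    """First final (>= 200) response seen in the dialog; CSeq matching is omitted here."""
    finals = [t for *_, t in msgs if t[:3].isdigit() and int(t[:3]) >= 200]
    return finals[0] if finals else "no final response"
```

Printing `ladder()` for each dialog returned by `invite_only(group_dialogs(SAMPLE))` gives a text version of the flow, and `outcome()` separates the answered call from the one rejected with 486.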

Parameters

-d _DEVICE_
Capture device (or comma-separated list).
-I _FILE_
Read packets from pcap file.
-O _FILE_
Save captured packets to pcap file.
-c
Only display dialogs starting with INVITE.
-l _LIMIT_
Maximum number of dialogs to capture.
-N
No interface mode (capture only).
-q
Quiet mode (suppress output in no-interface mode).
-r
Capture RTP packet payloads.
-R
Rotate calls when capture limit is reached.
-k _FILE_
RSA private key for TLS decryption.
-B _SIZE_
Pcap buffer size in MB (default: 2).
-H _URL_
Send captured packets to Homer sipcapture URL.
-f _FILE_
Load specific configuration file.
-D
Print active configuration and exit.
