2 like 1 dislike
in Education & Reference by (1.4k points)
I want to capture SIP logs and want to see realtime sip logs, so can you guide me how to install sngrep utility on centos and commands if possible

2 Answers

1 like 0 dislike

To install sngrep you will need:

Connect to the SBC via SSH as a root
At CLI level create the repo file:
vi /etc/yum.repos.d/irontec.repo

name=Irontec RPMs repository

Install Repository Public Key:
rpm --import http://packages.irontec.com/public.key

Install Package
yum -y install sngrep

At this point you are ready to stat using sngrep

Command line arguments

There are some arguments that can be used from the command line to change the default sngrep behaviour

sngrep [-hVciv] [-HL udp:addressport] [-IO pcap_dump] [-d dev] [-l limit] [-k keyfile] [] []
-h or --help: Display help and usage information
-V or --version: Display version information
-I or --input : Read packets from pcap file instead of network devices. This option can be used with bpf filters
-O or --output : Save all captured packets to a pcap file
-d or --device : Live capture from network device (by default, sngrep captures from all devices)
-k or --keyfile : Use private keyfile to decrypt TLS captured packets
-c or --calls: Only display dialogs starting with an INVITE request
-l or --limit: Change default capture limit
-i or --icase: Make match expression case insensitive
-v or --invert: Invert match expression
-N or --no-interface: Don't display sngrep interface, just capture
-q or --quiet: Don't print captured dialogs in no interface mode
-D or --dump-config: Print configured keybindings and settings after reading system and user resource files.
-H or --eep-send: Send captured data to other Homer/sngrep (udp:
-L or --eep-listen: Received captured data from other captagent/sngrep (udp:
: Match given expression in Messages' payload. If one request message matches the given expression, the following messages within the same dialog will be also captured.
: Filter captured/readed packets using a BPF filter
For example, capturing all SIP packets from all devices that has source or destination port 5060

sngrep port 5060

Or displaying SIP packets from eth0 device that has as source or destiny through the 5061 port, saving them to /tmp/sip_capture.pcap

sngrep -d eth0 -O /tmp/sip_capture.pcap host port 5061

Or displaying all SIP packets for a given host in sip_capture.pcap PCAP file

sngrep -I /tmp/sip_capture.pcap host

0 like 0 dislike
by (3k points)

You can use Irontec repositories for some of CentOS (5,6,7,8)
Binaries are built only for amd64 and i386 architectures without SSL support.

Add Irontec repo information to /etc/yum.repos.d/irontec.repo

For Centos 8

name=Irontec RPMs repository

Add Irontec repositories public key:

rpm --import http://packages.irontec.com/public.key
And install the package

yum install sngrep
If you find trouble installing due to gpg errors try

yum --nogpgcheck install sngrep

by (110 points)
0 0

1. Goto>>>>>vim /etc/yum.repos.d/irontec.repo

2.change it >>>>> baseurl=http://packages.irontec.com/centos/6/$basearch/

to >>>> baseurl=http://packages.irontec.com/centos/7/$basearch/

save & exit.

3.yum -y install sngrep

Related questions

2 like 0 dislike
0 answers 90 views
2 like 0 dislike
2 answers 147 views
0 like 0 dislike
1 answer 104 views
1 like 0 dislike
1 answer 205 views
0 like 0 dislike
1 answer 1k views
asked Nov 16, 2013 in Education & Reference by Sam (1.4k points)
1 like 0 dislike
1 answer 363 views
1 like 0 dislike
1 answer 525 views
0 like 0 dislike
2 answers 5k views
1 like 0 dislike
1 answer 187 views
1 like 0 dislike
1 answer 163 views

Where your donation goes
Technology: We will utilize your donation for development, server maintenance and bandwidth management, etc for our site.

Employee and Projects: We have only 15 employees. They are involved in a wide sort of project works. Your valuable donation will definitely boost their work efficiency.

How can I earn points?
Awarded a Best Answer 10 points
Answer questions 10 points
Asking Question -20 points