sngrep - SIP Messages flow viewer
sngrep [-hVcivlkNq] [ -IO pcap_dump ] [ -d dev ] [ -l limit ] [ -k keyfile ]
[ -LH capture_url ] [ <match expression> ] [ <bpf filter> ]
sngrep is a terminal tool that groups SIP (Session Initiation Protocol) messages
by Call-Id and displays them in arrow flows similar to those used in SIP RFCs.
The aim of this tool is to make the process of learning or debugging SIP
easier. It recognizes UDP, TCP and partially TLS SIP packets and understands bpf
filter logic in the same way as ngrep (8) and tcpdump (1).
- Display help and usage information.
- Display version information.
- Only capture dialogs starting with an INVITE request.
- Make match expression case insensitive.
- Invert match expression.
- -I pcap_dump
- Read packets from pcap file instead of network devices.
This option can be used with bpf filters.
- -O pcap_dump
- Save all captured packets to a pcap file. This option can
be used with bpf filters.
- -d dev
- Use this capture device instead of default (any).
- -k keyfile
- Use private keyfile to decrypt TLS packets.
- -l limit
- Change the default capture limit (20000 dialogs). The limit must be
a numeric value above 1 and cannot be disabled. This is both a security
measure to avoid unlimited memory usage and is also used internally in sngrep
to manage hash table sizes.
- Remove the oldest dialog when the capture limit has been reached.
Although not recommended, this can be used to keep sngrep running for
long periods with some control over consumed memory.
- Don't display sngrep interface, just capture
- Don't print captured dialogs in no interface mode
- Send captured packets to a HEP server (like Homer or
another sngrep). Argument must be an IP address and port in the format:
- Start a HEP server listening for packets. Argument must be
an IP address and port in the format: udp:A.B.C.D:PORT
- match expression
- Match the given expression in the messages' payload. If one request
message matches the given expression, the following messages within the
same dialog will also be captured.
- bpf filter
- Selects a filter that specifies what packets will be
parsed. If no bpf filter is given, all SIP packets seen on the
selected interface or pcap file will be displayed. Otherwise, only packets
for which bpf filter is `true' will be displayed.
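The grouping by Call-Id and the -l capture limit described above can be sketched as follows. This is an added example, not sngrep's own code: DialogTable and capture are hypothetical names, the sample messages are constructed, and it assumes that without oldest-dialog removal new dialogs are ignored once the limit is reached.

```python
from collections import OrderedDict

# Constructed sample SIP messages (not captured traffic).
SAMPLE = [
    "INVITE sip:bob@example.com SIP/2.0\r\nCall-ID: a1@host\r\nCSeq: 1 INVITE\r\n\r\n",
    "SIP/2.0 180 Ringing\r\ni: a1@host\r\nCSeq: 1 INVITE\r\n\r\n",
    "OPTIONS sip:bob@example.com SIP/2.0\r\nCall-ID: b2@host\r\nCSeq: 1 OPTIONS\r\n\r\n",
    "INVITE sip:carol@example.com SIP/2.0\r\ncall-id: c3@host\r\nCSeq: 1 INVITE\r\n\r\n",
]

def call_id(message):
    """Return the Call-ID header value, or None if it is absent."""
    head = message.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:           # skip the request/status line
        name, sep, value = line.partition(":")
        # Header names are case-insensitive; "i" is the RFC 3261 compact form.
        if sep and name.strip().lower() in ("call-id", "i"):
            return value.strip()
    return None

class DialogTable:
    """Hypothetical bounded table of dialogs keyed by Call-ID."""
    def __init__(self, limit, rotate=False):
        if limit <= 1:
            raise ValueError("limit must be a numeric value above 1")
        self.limit, self.rotate = limit, rotate
        self.dialogs = OrderedDict()              # insertion order = dialog age
        self.dropped = 0

    def add(self, message):
        cid = call_id(message)
        if cid is None:
            return False
        if cid not in self.dialogs:
            if len(self.dialogs) >= self.limit:
                if not self.rotate:
                    self.dropped += 1             # assumed: new dialogs are ignored
                    return False
                self.dialogs.popitem(last=False)  # rotation: evict the oldest dialog
            self.dialogs[cid] = []
        self.dialogs[cid].append(message)
        return True

def capture(messages, limit, rotate=False):
    """Feed messages through a bounded table; return message count per Call-ID."""
    table = DialogTable(limit, rotate)
    for m in messages:
        table.add(m)
    return {cid: len(msgs) for cid, msgs in table.dialogs.items()}
```

With rotation enabled memory stays bounded, but a burst of messages with unique Call-IDs evicts the older dialogs, which is one reason to treat rotation as a trade-off during long captures.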
There are multiple windows to provide different information. Most of the program
windows have a help dialog with a brief description and useful keybindings.
The first window that sngrep shows is the Call List window, which displays the
different SIP Call-Ids found in messages. The displayed columns depend on your
terminal width and your custom configuration. You can move between dialogs with
arrow keys and select them using Spacebar. Selecting multiple dialogs will
display all of them in the Call Flow window and Call Raw window, and will allow
you to save only the selected message dialogs to a PCAP file.
This window will display a flow diagram of the selected dialogs' messages. The
selected message payload will be displayed on the right side of the window. You
can move between messages using arrow keys and select them using Spacebar.
Selecting multiple messages will display the Message Diff Window.
This window will display the selected dialog messages in plain text. It was
designed to allow copying the message payloads easily. You can also save the
displayed information to a text file from this screen.
Columns displayed in Call List can be updated in this window. You can add or
remove columns or change their order in the list. Additionally, you can save
the column state to be used in the next sngrep execution.
This window will compare two messages. Right now the comparison is done by
searching for each line in the other message, highlighting those not found
exactly. You can reach this window by selecting two messages using Spacebar in
the Call Flow window.
Full paths below may vary between installations.
- System-wide configuration file. Some sngrep options can be
overridden using this file.
- User's configuration file. If this file is present, its options
will override system-wide configurations.
Please report bugs to the sngrep github project at
Non-bug, non-feature-request general feedback should be sent to the author
directly by email.
Written by Ivan Alonso [a.k.a. Kaian] <firstname.lastname@example.org>.