How to troubleshoot SIP Connection using tcpdump
To check a SIP connection with tcpdump, use the following command:
tcpdump -nqt -s 0 -A -i eth0 port 5060
where:
-n do not convert IP addresses to DNS names
-q be quiet, print less output information
-t do not print timestamps
-s number of bytes to capture from each packet; 0 = the default, which is the maximum of 65535, i.e. simply the whole packet
-A print each packet in ASCII
-vvv be very, very verbose (optional; not used in the command above)
-i interface to capture on
port 5060 capture traffic on port 5060 (source and destination)
Output of the command:
IP 65.49.24.54.sip > 37.231.94.119.20589: UDP, length 786
E.....@.@.Y.A1.6%.^w..Pm....SIP/2.0 200 OK
Via: SIP/2.0/UDP 10.40.88.222:5060;branch=z9hG4bKd10baaea26b986e1b4f3f9fa5e774fe0
Via: SIP/2.0/UDP 192.168.1.100:9186;branch=z9hG4bK-d87543-452147928-1--d87543-;rport
Via: SIP/2.0/UDP 192.168.1.100:9186;branch=z9hG4bK-d87543-452147928-1--d87543-;rport
From: 87610511 <sip:87610511@65.49.24.54>;tag=da619607
To: 87610511 <sip:87610511@65.49.24.54>
Call-ID: 0a4e467fbe489029
CSeq: 11 REGISTER
Contact: <sip:87610511@10.40.88.222>
Authorization: Digest username="87610511", realm="65.49.24.54", nonce="4b53775ee725506d", uri="sip:65.49.24.54", response="637f534f8cb99fbd3edb73084e65747a", algorithm=MD5
Expires: 60
max-forwards: 69
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO
Content-Length: 0
Server: VOS2009 V2.1.1.5
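
A raw -A dump gets hard to follow once more than a few packets go by. The following is an added example, not part of the original article: it condenses that output into one line per SIP message so a REGISTER exchange can be read at a glance. The function names and the sample capture are constructed for illustration; the method list is the one from the Allow header above.

```shell
#!/bin/sh
# Added example: one summary line per SIP message found in the text output of
# `tcpdump -nqt -s 0 -A -i eth0 port 5060`. Not code from the original page.

# Constructed sample capture (documentation addresses, made-up Call-ID).
sample_capture() {
cat <<'EOF'
IP 192.0.2.10.9186 > 198.51.100.5.5060: UDP, length 310
E.....@.@.....REGISTER sip:198.51.100.5 SIP/2.0
Call-ID: reg-1@example.invalid
CSeq: 10 REGISTER

IP 198.51.100.5.5060 > 192.0.2.10.9186: UDP, length 295
E.....@.@.....SIP/2.0 401 Unauthorized
Call-ID: reg-1@example.invalid
CSeq: 10 REGISTER

IP 192.0.2.10.9186 > 198.51.100.5.5060: UDP, length 480
E.....@.@.....REGISTER sip:198.51.100.5 SIP/2.0
Call-ID: reg-1@example.invalid
CSeq: 11 REGISTER

IP 198.51.100.5.5060 > 192.0.2.10.9186: UDP, length 460
E.....@.@.....SIP/2.0 200 OK
call-id: reg-1@example.invalid
cseq: 11 REGISTER
EOF
}

sip_summary() {
awk '
function emit() {   # print the message collected so far, then reset
    if (start != "")
        printf "%s > %s | %s | CSeq %s | Call-ID %s\n", src, dst, start, cseq, callid
    start = ""; cseq = ""; callid = ""
}
{ sub(/\r$/, "") }   # tolerate CRLF line endings
/^IP / { emit(); src = $2; dst = $4; sub(/:$/, "", dst); next }
# The start line follows the IP/UDP header bytes that -A prints as junk.
start == "" && match($0, /SIP\/2\.0 [1-6][0-9][0-9] .*/) {
    start = substr($0, RSTART, RLENGTH); next }
start == "" && match($0, /(REGISTER|INVITE|ACK|CANCEL|OPTIONS|BYE|REFER|NOTIFY|MESSAGE|SUBSCRIBE|INFO) sips?:[^ ]+ SIP\/2\.0/) {
    start = substr($0, RSTART, RLENGTH); next }
tolower($1) == "cseq:"    { cseq = $2 " " $3 }   # header names are case-insensitive
tolower($1) == "call-id:" { callid = $2 }
END { emit() }
'
}

sample_capture | sip_summary
```

For a live capture, pipe tcpdump into the function with line buffering enabled: tcpdump -l -nqt -s 0 -A -i eth0 port 5060 | sip_summary. Each message is printed when the next packet arrives.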