Provided by: sngrep_1.5.0-1_amd64 bug

NAME

       sngrep - SIP Messages flow viewer

SYNOPSIS

       sngrep  [-hVcivlkNqE]  [  -IO  pcap_dump  ]  [  -d  dev ] [ -l limit ] [ -k keyfile ] [-LH
       capture_url ] [ <match expression> ] [ <bpf filter> ]

DESCRIPTION

       sngrep is a terminal tool that groups SIP (Session Initiation Protocol) Messages by  Call-
       Id, and displays them in arrow flows similar to the used in SIP RFCs. The aim of this tool
       is to make easier the process of learning or debugging SIP. It  recognizes  UDP,  TCP  and
       partially  TLS  SIP packets and understands bpf filter logic in the same way ngrep (8) and
       tcpdump (1) does.

OPTIONS

       -h     Display help and usage information.

       -V     Display version information.

       -c     Only capture dialogs starting with an INVITE request.

       -i     Make match expression case insensitive.

       -v     Invert match expression.

       -I pcap_dump
              Read packets from pcap file instead of network devices. This  option  can  be  used
              with bpf filters.

       -O pcap_dump
              Save all captured packets to a pcap file. This option can be used with bpf filters.

       -B buffer
              Change size of pcap capture buffer (default: 2MB)

       -d dev Use  this  capture device instead of default (any). Special keyword 'any', a device
              name like 'eth0' or a comma separated list like  'eth1,eth3'.  This  overrides  the
              settings in the configuration file.

       -k keyfile
              Use private keyfile to decrypt TLS packets.

       -l limit
              Change  default capture limit (20000 dialogs) Limit must be a numeric value above 1
              and can not be disabled. This is both security measure to  avoid  unlimited  memory
              usage and also used internally in sngrep to manage hash table sizes.

       -R     Remove  oldest  dialog when the capture limit has reached Although not recommended,
              this can be used to keep sngrep running during long times with  some  control  over
              consumed memory.

       -N     Don't display sngrep interface, just capture

       -q     Don't print captured dialogs in no interface mode

       -H     Send  captured packets to a HEP server (like Homer or another sngrep) Argument must
              be an IP address and port in the format: udp:A.B.C.D:PORT

       -L     Start a HEP server listening for packets Argument must be an IP address and port in
              the format: udp:A.B.C.D:PORT

       -E     Enable parsing of captured HEP3 packets.

       match expression
              Match  given  expression  in  Messages' payload. If one request message matches the
              given expression, the following messages  within  the  same  dialog  will  be  also
              captured.

       bpf filter
              Selects  a  filter that specifies what packets will be parsed.  If no bpf filter is
              given, all SIP packets seen  on  the  selected  interface  or  pcap  file  will  be
              displayed.   Otherwise,  only  packets  for  which  bpf  filter  is  `true' will be
              displayed.

Interface

       There are multiple windows to provide different information. Most of the  program  windows
       have a help dialog with a brief description and useful keybindings.

    Call List Window
       The first window that sngrep shows is Call List window and display the different SIP Call-
       Ids found in messages. The displayed columns depends  on  your  terminal  width  and  your
       custom  configuration.   You  can  move  between dialogs with arrow keys and selected them
       using Spacebar. Selecting multiple dialogs will display all them in Call flow  window  and
       Call Raw window, and will allow to save only the selected message dialogs to a PCAP file.

    Call Flow Window
       This  window  will  a flow diagram of the selected dialogs' messages. The selected message
       payload will be displayed in the right side of the window. You can move  between  messages
       using  arrow keys and select them using Spacebar. Selecting multiple messages will display
       the Message Diff Window.

    Call Raw Window
       This window will display the selected dialog messages in plain text. It  was  designed  to
       allow  copying the messages payload easily. You can also save the displayed information to
       a text file from this screen.

    Column selection Window
       Columns displayed in Call List can be updated in  this  window.  You  can  add  or  remove
       columns  or  change their order in the list. Additionally, you can save column state to be
       use in next sngrep execution.

    Message Diff Window
       This window will compare two messages. Right now the comparison  is  done  searching  each
       line  in  the  other  message,  highlighting  those not found exactly.  You can reach this
       window by selecting two messages using Spacebar in Call Flow window

FILES

       Full paths below may vary between installations.

       /etc/sngreprc

              System-wide configuration file. Some sngrep options can be  overridden  using  this
              file.

       ~/.sngreprc

              User's  configuration  file.  If  this  file  is  present, options will be override
              system-wide configurations.

BUGS

       Please report bugs to the sngrep github project at

           http://github.com/irontec/sngrep

       Non-bug, non-feature-request general feedback should be sent to  the  author  directly  by
       email.

AUTHOR

       Written by Ivan Alonso [a.k.a. Kaian] <kaian@irontec.com>.