SNGREP(8)                   System Manager's Manual                  SNGREP(8)

NAME
       sngrep - SIP Messages flow viewer

SYNOPSIS
       sngrep [-hVcivlkNqE] [ -IO pcap_dump ] [ -d dev ] [ -l limit ]
       [ -k keyfile ] [ -LH capture_url ] [ <match expression> ] [ <bpf filter> ]

DESCRIPTION
       sngrep is a terminal tool that groups SIP (Session Initiation Protocol)
       messages by Call-Id and displays them in arrow flows similar to the
       ones used in SIP RFCs. The aim of this tool is to make the process of
       learning or debugging SIP easier. It recognizes UDP, TCP and partially
       TLS SIP packets and understands bpf filter logic in the same way
       ngrep(8) and tcpdump(1) do.

OPTIONS
       -h     Display help and usage information.

       -V     Display version information.

       -c     Only capture dialogs starting with an INVITE request.

       -i     Make match expression case insensitive.

       -v     Invert match expression.

       -I pcap_dump
              Read packets from a pcap file instead of network devices. This
              option can be used with bpf filters.

       -O pcap_dump
              Save all captured packets to a pcap file. This option can be
              used with bpf filters.

       -B buffer
              Change size of pcap capture buffer (default: 2MB).

       -d dev Use this capture device instead of the default (any). Accepts
              the special keyword 'any', a device name like 'eth0' or a
              comma-separated list like 'eth1,eth3'. This overrides the
              settings in the configuration file.

       -k keyfile
              Use private keyfile to decrypt TLS packets.

       -l limit
              Change default capture limit (20000 dialogs). Limit must be a
              numeric value above 1 and cannot be disabled. This is both a
              security measure to avoid unlimited memory usage and a value
              used internally in sngrep to manage hash table sizes.

       -R     Remove the oldest dialog when the capture limit has been
              reached. Although not recommended, this can be used to keep
              sngrep running for long periods with some control over
              consumed memory.

       -N     Don't display sngrep interface, just capture.

       -q     Don't print captured dialogs in no interface mode.

       -H     Send captured packets to a HEP server (like Homer or another
              sngrep). Argument must be an IP address and port in the
              format: udp:A.B.C.D:PORT

       -L     Start a HEP server listening for packets. Argument must be an
              IP address and port in the format: udp:A.B.C.D:PORT

       -E     Enable parsing of captured HEP3 packets.

       match expression
              Match given expression in messages' payload. If one request
              message matches the given expression, the following messages
              within the same dialog will also be captured.

       bpf filter
              Selects a filter that specifies what packets will be parsed.
              If no bpf filter is given, all SIP packets seen on the selected
              interface or pcap file will be displayed. Otherwise, only
              packets for which bpf filter is `true' will be displayed.
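
       An added example (not part of the sngrep manual or project): a POSIX
       sh helper that checks the -l limit and the udp:A.B.C.D:PORT form
       required by -H before printing an unattended capture command built
       only from the options above. The function names, the device em0, the
       pcap path and the 192.0.2.10 address are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate inputs, then print (not run) a headless sngrep command.
# Function names and sample values are assumptions; flags come from OPTIONS above.

# valid_limit N: -l needs a numeric value above 1.
valid_limit() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 9 ] && [ "$1" -gt 1 ]
}

# valid_hep URL: -H and -L accept only the form udp:A.B.C.D:PORT.
valid_hep() {
    case "$1" in udp:*.*.*.*:*) ;; *) return 1 ;; esac
    rest=${1#udp:}; port=${rest##*:}; ip=${rest%:*}
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    # Reject stray dots and anything but digits before splitting on '.'.
    case "$ip" in .*|*.|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# capture_cmd DEV LIMIT PCAP HEP: print the command line, or fail with a reason.
capture_cmd() {
    valid_limit "$2" || { echo "limit must be a number above 1: $2" >&2; return 2; }
    valid_hep "$4" || { echo "HEP target must be udp:A.B.C.D:PORT: $4" >&2; return 3; }
    # -N: no interface, -q: no dialog output, -c: only INVITE-started dialogs,
    # -l: bounded dialog table, -O: keep a pcap copy, -H: forward to HEP server.
    printf 'sngrep -N -q -c -d %s -l %s -O %s -H %s\n' "$1" "$2" "$3" "$4"
}

# Constructed sample values (documentation address range, hypothetical paths).
capture_cmd em0 5000 /var/tmp/sip.pcap udp:192.0.2.10:9060
```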

Interface
       There are multiple windows to provide different information. Most of
       the program windows have a help dialog with a brief description and
       useful keybindings.

Call List Window
       The first window that sngrep shows is the Call List window, which
       displays the different SIP Call-Ids found in messages. The displayed
       columns depend on your terminal width and your custom configuration.
       You can move between dialogs with the arrow keys and select them using
       Spacebar. Selecting multiple dialogs will display all of them in the
       Call Flow window and Call Raw window, and will allow saving only the
       selected dialogs' messages to a PCAP file.

Call Flow Window
       This window will display a flow diagram of the selected dialogs'
       messages. The selected message payload will be displayed on the right
       side of the window. You can move between messages using the arrow keys
       and select them using Spacebar. Selecting multiple messages will
       display the Message Diff Window.

Call Raw Window
       This window will display the selected dialog messages in plain text. It
       was designed to allow copying the message payloads easily. You can also
       save the displayed information to a text file from this screen.

Column selection Window
       Columns displayed in the Call List can be updated in this window. You
       can add or remove columns or change their order in the list.
       Additionally, you can save the column state to be used in the next
       sngrep execution.

Message Diff Window
       This window will compare two messages. Right now the comparison is done
       by searching for each line in the other message and highlighting those
       not found exactly. You can reach this window by selecting two messages
       using Spacebar in the Call Flow window.

FILES
       Full paths below may vary between installations.

       /etc/sngreprc
              System-wide configuration file. Some sngrep options can be
              overridden using this file.

       ~/.sngreprc
              User's configuration file. If this file is present, its options
              will override system-wide configurations.

BUGS
       Please report bugs to the sngrep github project at

           http://github.com/irontec/sngrep

       Non-bug, non-feature-request general feedback should be sent to the
       author directly by email.

AUTHOR
       Written by Ivan Alonso [a.k.a. Kaian] <kaian@irontec.com>.

sngrep 1.7.0                        Mar 2023                         SNGREP(8)
