tcpdump -i eth0 -n -s 0 port 5060 -vvv -w /home/capture_file_name
-i = interface you want to capture on, eth0, eth1, eth2, etc, you will want to do this on your public interface most likely.
-n = Do not convert ip addresses to names, prevents dns lookups.
-s = How many bytes of data to grab from each packet, zero means use the required length to catch whole packets.
port = What port to listen to, 5060 is the default port for SIP.
-vvv = Even more verbose output, this will give you as many details as possible.
-w = Write to a raw file to be parsed later.
-i = interface you want to capture on, eth0, eth1, eth2, etc, you will want to do this on your public interface most likely.
-n = Do not convert ip addresses to names, prevents dns lookups.
-s = How many bytes of data to grab from each packet, zero means use the required length to catch whole packets.
port = What port to listen to, 5060 is the default port for SIP.
-vvv = Even more verbose output, this will give you as many details as possible.
-w = Write to a raw file to be parsed later.
0 comments: