SIPGREP: Display and Troubleshoot SIP signaling over IP networks in console

SipGrep 2

Sipgrep is a powerful pcap-aware command-line tool to sniff, capture, display and troubleshoot SIP signaling over IP networks, allowing the user to specify extended regular expressions to match against SIP headers.

The first version of this program (dated 2005) was a small wrapper for ngrep. Version 2.x provides a full standalone application with numerous additional features geared towards SIP, building upon the excellent ngrep code baseline.

Requirements:

  • libpcap
  • libpcre

On Debian/Ubuntu: sudo apt-get install libpcap-dev libpcre3-dev

On CentOS/RHEL: yum install libpcap-devel pcre-devel

Installation

Debian

Sipgrep is available as a Debian package (thanks @linuxmaniac).

Clone from GIT:

cd /usr/src
git clone https://github.com/sipcapture/sipgrep.git

Build and Install:

cd sipgrep
./build.sh   # optional
./configure
make && make install

Usage:

./sipgrep  -V

sipgrep: V2.01b

./sipgrep -h

usage: sipgrep <-ahNViwgGJpevxlDTRMmqCJjxK> <-IO pcap_dump> <-n num> <-d dev> <-A num>
             <-s snaplen> <-S limitlen> <-c contact user> <-j user agent>
                 <-f from user>  <-t to user> <-H capture url> <-q autostop cond.>
                 <-Q split cond.> <-P portrange> <-F file> <-z duration>
                 <match expression> <bpf filter>
   -h  is help/usage
   -V  is version information
   -e  is show empty packets
   -i  is ignore case
   -x  is disable bad parsing notification
   -v  is invert match
   -R  is don't do privilege revocation logic
   -w  is word-regex (expression must match as a word)
   -p  is don't go into promiscuous mode
   -l  is make stdout line buffered
   -D  is replay pcap_dumps with their recorded time intervals
   -T  is print delta timestamp every time a packet is matched
   -m  is don't do dialog match
   -M  is don't do multi-line match (do single-line match instead)
   -I  is read packet stream from pcap format file pcap_dump
   -O  is dump matched packets in pcap format to pcap_dump
   -n  is look at only num packets
   -A  is dump num packets after a match
   -s  is set the bpf caplen
   -S  is set the limitlen on matched packets
   -C  is no colors in stdout
   -c  is search user in Contact: header
   -f  is search user in From: header
   -t  is search user in To: header
   -F  is read the bpf filter from the specified file
   -H  is homer sipcapture URL (i.e. udp:10.0.0.1:9061)
   -N  is show sub protocol number
   -g  is disabled clean up dialogs during trace
   -G  is print dialog report during clean up
   -J  is kill friendly scanner automatically
   -j  is kill friendly scanner automatically matching user agent string
   -K  is kill friendly scanner providing IP and port/portrange i.e.: 10.0.0.1:5060-5090
   -q  is auto stop condition:
        duration:NUM - stop after NUM seconds
        filesize:NUM - stop this file after NUM KB
   -Q  is pcap_dump split condition:
        duration:NUM - switch to next file after NUM secs
        filesize:NUM - switch to next file after NUM KB
   -a  is disable packet re-assemblation
   -P  is use specified portrange instead of default 5060-5061
   -d  is use specified device instead of the pcap default
   -z  is make statistics count maximum <duration> seconds
   

Examples:

#Find a dialog where From user contains '2323232'
sipgrep -f 2323232

#Find a dialog where To user contains '1111' and print dialog report
sipgrep -t 1111 -G

#Display only 603 replies without dialog match
sipgrep '^SIP/2.0 603' -m

#Display only OPTIONS and NOTIFY requests
sipgrep '^(OPTIONS|NOTIFY)'

#Display only SUBSCRIBE dialog
sipgrep 'CSeq:\s?\d* (SUBSCRIBE|PUBLISH|NOTIFY)' -M

#Kill friendly-scanner
sipgrep -J

#Kill friendly-scanner with custom UAC
sipgrep -j sipvicious

#Display dialogs and duplicate all traffic to HOMER sipcapture in HEPv3
sipgrep -f 23333 -H udp:10.0.0.1:9061

#Collect all calls/registrations while pcap_dump is smaller than 20 KB.
sipgrep -q 'filesize:20' -O sipgrep.pcap

#Collect all call/registration dialogs for 120 seconds, print reports and exit.
sipgrep -g -G -q 'duration:120'

#split pcap_dump to 20 KB files in sipgrep_INDEX_YYYYMMDDHHMM.pcap
sipgrep -Q 'filesize:20' -O sipgrep.pcap

#split pcap_dump in sipgrep_INDEX_YYYYMMDDHHMM.pcap each 120 seconds
sipgrep -Q 'duration:120' -O sipgrep.pcap




Reports

-----------------------------------------------
Dialog finished: [53342c3b200e-hgf9cyc7r0i2]
Type: Call
From: "From Work with Love" <sip:[email protected]>;tag=fucueumi19
To: <sip:[email protected];user=phone>
UAC: snom360/8.7.3.25
CDR init ts: 1395928127
CDR ringing ts: 1395928128
SRD(PDD): 1 sec
CDR answer ts: 1395928136
WTA: 9 sec
CDT (duration): 70 sec
CDR termination ts: 1395928206
Was connected: YES
REASON: BYE
-----------------------------------------------

-----------------------------------------------
Dialog finished: [[email protected]]
Type: Registration
From: <sip:[email protected]>;tag=3598882807
To: <sip:[email protected]>
UAC: AVM FRITZ!Box Fon WLAN 7170 Annex A 58.04.67 (Dec 18 2008)
CDR init ts: 1395928251
CDR termination ts: 1395928251
SDT: 0 sec
Was registered: YES
REASON: 200
-----------------------------------------------

-----------------------------------------------
Dialog finished: [2d714880c68a824dae62049eecc91599]
Type: Call
From: 7001<sip:7001@xxxxxxx>;tag=1244ddd6
To: 448455915802<sip:448455915802@xxxxxxx>
UAC: sipcli/v1.8
CDR init ts: 1395928246
SDT: 8 sec
CDR termination ts: 1395928254
Was connected: NO
REASON: 407
-----------------------------------------------
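
A parser for dialog reports in the layout shown above, added here as an example (it is not part of sipgrep or its README): it turns report text into records, recomputes the wait-to-answer time from the CDR timestamps, and counts unconnected calls per UAC and REASON. The sample input is constructed; the field names are the ones in the reports above, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the reports above (all values made up).
SAMPLE = """\
-----------------------------------------------
Dialog finished: [constructed-call-1]
Type: Call
UAC: exampleUA/1.0
CDR init ts: 1700000000
CDR answer ts: 1700000009
CDR termination ts: 1700000079
Was connected: YES
REASON: BYE
-----------------------------------------------

-----------------------------------------------
Dialog finished: [constructed-call-2]
Type: Call
UAC: exampleCLI/0.1
CDR init ts: 1700000100
CDR termination ts: 1700000108
Was connected: NO
REASON: 407
-----------------------------------------------
"""

def parse_reports(text):
    """Split report text on the dashed rules; return one dict of fields per dialog."""
    dialogs = []
    for block in re.split(r"(?m)^-{10,}\s*$", text):
        fields = {}
        for line in block.strip().splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                fields[key.strip()] = value.strip()
        if "Dialog finished" in fields:  # skip the empty gaps between rules
            fields["id"] = fields.pop("Dialog finished").strip("[]")
            dialogs.append(fields)
    return dialogs

def wait_to_answer(d):
    """Answer ts minus init ts in seconds (the WTA figure); None if never answered."""
    return int(d["CDR answer ts"]) - int(d["CDR init ts"]) if "CDR answer ts" in d else None

def failed_calls(dialogs):
    """Count unconnected calls per (UAC, REASON), e.g. to spot repeated 407s."""
    return Counter((d.get("UAC", "?"), d.get("REASON", "?"))
                   for d in dialogs if d.get("Was connected") == "NO")
```

Call `parse_reports()` on saved report text; a user agent that accumulates many entries in `failed_calls()` with the same REASON is worth a closer look.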

Colorful SIP Output:

Screenshot

License

Copyright (c) 2014-2016 Alexandr Dubovikov

sipgrep is released under GNU GPL v3. See COPYING for details.
