Running SNGREP for a long time can cause the system to crash, so do not leave it unattended for a prolonged period.
SNGREP is a tool for displaying SIP message flows. It supports live capture to display real-time SIP packets and can also be used as a PCAP viewer.
After connecting to the system over SSH, users need to execute this command to enter SNGREP: /opt/pbxware/sh/sngrep
PBXwareMT_support ~ # /opt/pbxware/sh/sngrep -r
When a user presses F7, the 'Filter options window' will open as shown in the picture below.
In the example below, we will select only INVITE, which makes the relevant entries easiest to find.
Example:
Press Enter to check the entry.
If a user wants to check 'RTP' on a live call, they need to open the INVITE with Enter and then press F3.
F2 is for 'SDP' and F3 for 'RTP'.
SNGREP can save selected call legs to a PCAP file for further analysis using Wireshark.
To do this, select the required call legs by hitting the space bar.
Once the required call legs are selected, press F2. The 'Save capture' window will then open, like in the picture below.
The PCAP file will be saved under /opt/pbxware/pw.
If we navigate to the /opt/pbxware/pw folder, we will see that the pcap file is saved.
PBXwareMT_support /opt/pbxware/pw # ls -lah | grep test.pcap
-rw-r--r-- 1 root root 9.4K Apr 6 18:21 test.pcap
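The listing above shows the saved capture with mode -rw-r--r--, which lets every local account read the SIP signalling it contains. The script below is an added example, not part of PBXware or SNGREP. It finds *.pcap files in a directory that grant any permission to group or others and restricts them to owner read/write. The function names are hypothetical and the default directory is the save location named on this page.

```shell
#!/bin/sh
# Added example: restrict saved sngrep captures to their owner.
# CAPTURE_DIR defaults to the save location named on this page.
CAPTURE_DIR="${CAPTURE_DIR:-/opt/pbxware/pw}"

# Succeeds when $1 is a regular file (not a symlink) whose mode grants
# any permission to group or others.
is_exposed() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group/other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# Print each exposed *.pcap file found directly under directory $1.
list_exposed_pcaps() {
    for f in "$1"/*.pcap; do
        if is_exposed "$f"; then printf '%s\n' "$f"; fi
    done
}

# chmod 600 every exposed capture under $1 and print how many changed.
lock_down_pcaps() {
    changed=0
    for f in "$1"/*.pcap; do
        if is_exposed "$f"; then
            chmod 600 "$f" && changed=$((changed + 1))
        fi
    done
    echo "$changed"
}

# Run as: sh lock_pcaps.sh /opt/pbxware/pw
if [ "$#" -gt 0 ]; then
    echo "restricted $(lock_down_pcaps "$1") capture file(s) in $1"
fi
```

Running umask 077 in the shell before starting SNGREP makes newly saved captures owner-only from the start.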
NOTE: SNGREP cannot run actively on the system for a long time. This process needs to be supervised, especially if you are running it during your working hours. Please make sure to clear the window with F5 regularly, as there is a limitation on how many packets can be captured.