Running SNGREP for a long time can cause the system to crash so make sure not to leave it unattended for a prolonged period.
SNGREP is a tool for displaying SIP message flows. It supports live capture to display real-time SIP packets and can also be used as a PCAP viewer.
After users ssh into their system, they need to execute this command to enter SNGREP: /opt/pbxware/sh/sngrep
PBXwareMT_support ~ # /opt/pbxware/sh/sngrep -r
- SC Quit: Escape and quit SNGREP.
- Enter: Show more information about the highlighted line item.
- Space: After pressing the spacebar, the line is selected. With this, a user can select multiple lines and can be used with the F2 Save option.
- F1 Help: Gives the help menu.
- F2 Save: Option to save the current capture session dialogs to a .pcap or .txt to a specific path and file name.
- F3 Search: Gives the option to search in a more specific and granular way.
- F4 Extended: Gives the extended view.
- F5 Clear: Clear the screen.
- F7 Filter: Like Search but with more options to filter the end result.
- F8 Settings: Adjust the SNGREP settings interface, capture options, call flow options, and EEP/HEP Homer options.
- F10: Adjust what columns are displayed on the open SNGREP window.
When a user presses F7, the 'Filter options window' will open as shown in the picture below.
In the example below, we will select only INVITE for the easiest finding of relevant entries.
Example:
Press Enter to check the entry.
If a user wants to check 'RTP' on a live call, s(he) needs to open INVITE with Enter and then press F3.
F2 is for 'SDP' and F3 for 'RTP'.
SNGREP can save selected call legs to a PCAP file for further analysis using Wireshark.
To do this, select the required call legs by hitting the space bar.
Once a user selects the required call legs, s(he) needs to press F2 and after that the 'Save capture' window will open like in the picture below.
PCAP will be saved under /opt/pbxware/pw.
If we navigate to the /opt/pbxware/pw folder, we will see that the pcap file is saved.
PBXwareMT_support /opt/pbxware/pw # ls -lah | grep test.pcap
-rw-r--r-- 1 root root 9.4K Apr 6 18:21 test.pcap
NOTE: Please note that SNGREP can not run on the system actively for a long time. This process needs to be supervised, especially if you are running it in your working hours. Please make sure to clean the window with F5 regularly, as there is a limitation on how many packets can be captured.
