Capturing SIP and RTP traffic using tcpdump


Tcpdump is command-line packet analyzer, It has a lot of cool features to capture the network traffic. Let’s see the command to capture the SIP and RTP traffic using the Tcpdump.

Capturing only SIP traffic using the Tcpdump:

tcpdump -i eth0 -n -s 0 port 5060 -vvv -w /home/capture_file_name.pcap

-i = interface you want to capture on, eth0, eth1, eth2, etc, you will want to do this on your public interface most likely.
-n = Do not convert ip addresses to names, prevents DNS lookups.
-s = How many bytes of data to grab from each packet, zero means use the required length to catch whole packets.
port = What port to listen to, 5060 is the default port for SIP.
-vvv = Even more, verbose output, this will give you as many details as possible.
-w = Write to a raw file to be parsed later.

You can also Capture SIP Traffic to Console in ASCII format using the following command.
 tcpdump -n -q -tttt -s 0 -A -i eth0 port 5060

Capturing SIP and RTP traffic and saving it to pcap file:

tcpdump -i eth0 udp port 5060 or udp portrange 10000-20000 -s 0 -w filename.cap

Note: My SIP server listening on default port 5060, My RTP ports are 10000 to 20000. So change these ports according to your environment.

Now we have the entire capture in pcap file, You can open it using Wireshark for further analysis.


Hi Guys, I am Venkatesh. I am a programmer and an Open Source enthusiast. I write about programming and technology on this blog.

You may also like...

Leave a Reply