irontec/sngrep

tcpdump command corresponding to "sngrep -c"

hzxgo opened this issue · 1 comments

hzxgo commented

Sngrep doesn't seem to support running in the background, so I would like to know the tcpdump command corresponding to "sngrep -c".

Kaian commented

There is no such command for tcpdump, because it would require analyzing the SIP payload to filter INVITEs.
We use tcpdump for capture with something like this (it captures packets on port 5060 and IP fragments):

tcpdump -Z root -i any -s0 -B 524288 -n -w new-capture-file.pcap port 5060 or \( ip[6:2] \& 0x1fff \) != 0

You can also add your RTP port range for audio:

tcpdump -Z root -i any -s0 -B 524288 -n -w new-capture-file.pcap port 5060 or portrange 13000-30000 or \( ip[6:2] \& 0x1fff \) != 0

And if you want to auto-rotate when the file reaches a given size (10 files of 1 Gb), you can also add:

tcpdump -Z root -i any -s0 -B 524288 -n -w new-capture-file.pcap -C 1000 -W 10 port 5060 or portrange 13000-30000 or \( ip[6:2] \& 0x1fff \) != 0

Hope it helps,

Regards
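
The sketch below is an added example, not part of the comment above or of the sngrep project. It shows why the filters carry the `ip[6:2] & 0x1fff != 0` clause: `port 5060` can only match the first fragment of an oversized SIP message, because later fragments have no UDP header. The addresses, the padded INVITE and all function names are constructed for the illustration.

```python
import struct

SIP_PORT = 5060
FRAG_PAYLOAD = 1480  # IP payload bytes per fragment for a 1500-byte MTU (multiple of 8)

def ipv4_packet(offset, more_fragments, payload):
    """Prefix payload with a 20-byte IPv4 header (protocol UDP, checksum left 0)."""
    flags_off = (0x2000 if more_fragments else 0) | (offset // 8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                         flags_off, 64, 17, 0,
                         bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return header + payload

def fragment(udp_datagram):
    """Split one UDP datagram (UDP header + SIP text) into IPv4 fragments."""
    return [ipv4_packet(off, off + FRAG_PAYLOAD < len(udp_datagram),
                        udp_datagram[off:off + FRAG_PAYLOAD])
            for off in range(0, len(udp_datagram), FRAG_PAYLOAD)]

def frag_offset(pkt):
    """The value tested by the BPF expression ip[6:2] & 0x1fff."""
    return struct.unpack("!H", pkt[6:8])[0] & 0x1FFF

def matches_port(pkt, port=SIP_PORT):
    """'port 5060': ports are only readable in the fragment with offset 0."""
    if frag_offset(pkt) != 0 or pkt[9] not in (6, 17, 132):  # TCP, UDP, SCTP
        return False
    ihl = (pkt[0] & 0x0F) * 4
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return port in (sport, dport)

def captured(packets, fragment_clause):
    """Indexes of packets kept by 'port 5060' with or without the fragment clause."""
    return [i for i, p in enumerate(packets)
            if matches_port(p) or (fragment_clause and frag_offset(p) != 0)]

# Constructed sample: an oversized INVITE (large headers simulated by padding).
sip = (b"INVITE sip:bob@example.invalid SIP/2.0\r\n"
       b"Call-ID: constructed-1@example.invalid\r\n"
       b"X-Padding: " + b"A" * 2900 + b"\r\n\r\n")
udp = struct.pack("!HHHH", SIP_PORT, SIP_PORT, 8 + len(sip), 0) + sip
PACKETS = fragment(udp)

if __name__ == "__main__":
    print("port 5060 only:       ", captured(PACKETS, False))
    print("with fragment clause: ", captured(PACKETS, True))
```

The fragment clause is not port-specific, so it keeps every non-first IP fragment on the interface, not only SIP ones.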