For a VoIP administrator, properly diagnosing and troubleshooting issues sometimes requires the ability to go back in time and dig deep into packet traces to get to the heart of the problem. Unfortunately, this means following the NSA’s policy and doing blanket data collection, if you can handle the disk storage requirements.
Sure, if the problem is easily reproducible, you can either do a SIP trace in your VoIP software to get just the signalling data or, if you need the RTP streams too, use “tcpdump” to capture the packets and avoid this scenario altogether. But that isn’t always the case, and tcpdump certainly does have its limitations.
Capture (pcap) files get huge and harder to work with, you have to create filters to find the data you need, and the list goes on and on. Of course, there are some helpful switches you can use to try to get around this when capturing data for long periods of time, but you still run into the problem of needing to run the application as a daemon and rotate log files, and you still have to dig extensively for the data you need.