All Articles

FreeSWITCH SIP debugging with tcpdump and Wireshark

While debugging SIP (Voice-over-IP) problems, it might be helpful to create pcap network dumps with tcpdump that can be processed by Wireshark.

nohup tcpdump -nq -s 0 -i eth0 -G3600 \
  -w trace/sip-%F-%H%M%S.pcap port 5060 &

This will run a background process of tcpdump that creates pcap protocol dump files in the trace directory about every hour. The command above will dump port 5060, which is commonly used for SIP with FreeSWITCH setups. You might have to change to 5080 or also include this port in your setup.

You can also dump the RTP (audio) traffic by including RTP ports:

nohup tcpdump -nq -s 0 -i eth0 -G3600 \
  -w trace/sip-%F-%H%M%S.pcap port 5060 \
  or or portrange 16384-32768 &

Likewise, adapt the port range to your local setup. Resulting pcap files can be processed with suitable tools, namely the Wireshark network analyzer.