sngrep/doc/sngrep.8

201 lines
5.2 KiB
Groff

.\" Man page for the sngrep
.\"
.\" Copyright (c) 2013-2021 Ivan Alonso <kaian@irontec.com>
.\" Copyright (c) 2013-2021 Irontec S.L.
.TH SNGREP 8 "May 2021" "sngrep 1.5.0"
.SH NAME
sngrep \- SIP Messages flow viewer
.SH SYNOPSIS
.B sngrep [-hVcivlkNqE] [ -IO
.I pcap_dump
.B ] [ -d
.I dev
.B ] [ -l
.I limit
.B ] [ -k
.I keyfile
.B ] [-LH
.I capture_url
.B ] [
.I <match expression>
.B ] [
.I <bpf filter>
.B ]
.SH DESCRIPTION
sngrep is a terminal tool that groups SIP (Session Initiation Protocol)
Messages by Call-Id, and displays them in arrow flows similar to the used in
SIP RFCs. The aim of this tool is to make easier the process of learning or
debugging SIP. It recognizes UDP, TCP and partially TLS SIP packets and
understands bpf filter logic in the same way
.B ngrep (8)
and
.B tcpdump (1)
does.
.SH OPTIONS
.TP
.I \-h
Display help and usage information.
.TP
.I \-V
Display version information.
.TP
.I \-c
Only capture dialogs starting with an INVITE request.
.TP
.I \-i
Make match expression case insensitive.
.TP
.I \-v
Invert match expression.
.TP
.I \-I pcap_dump
Read packets from pcap file instead of network devices. This option can be used
with bpf filters.
.TP
.I \-O pcap_dump
Save all captured packets to a pcap file. This option can be used
with bpf filters.
.TP
.I -B buffer
Change size of pcap capture buffer (default: 2MB)
.TP
.I \-d dev
Use this capture device instead of default (\fIany\fP). Special keyword 'any', a device name like 'eth0' or a comma separated list like 'eth1,eth3'. This overrides the settings in the configuration file.
.TP
.I -k keyfile
Use private keyfile to decrypt TLS packets.
.TP
.I -l limit
Change default capture limit (20000 dialogs)
Limit must be a numeric value above 1 and can not be disabled. This is both
security measure to avoid unlimited memory usage and also used internally
in sngrep to manage hash table sizes.
.TP
.I -R
Remove oldest dialog when the capture limit has reached
Although not recommended, this can be used to keep sngrep running during long
times with some control over consumed memory.
.TP
.I -N
Don't display sngrep interface, just capture
.TP
.I -q
Don't print captured dialogs in no interface mode
.TP
.I -H
Send captured packets to a HEP server (like Homer or another sngrep)
Argument must be an IP address and port in the format: udp:A.B.C.D:PORT
.TP
.I -L
Start a HEP server listening for packets
Argument must be an IP address and port in the format: udp:A.B.C.D:PORT
.TP
.I -E
Enable parsing of captured HEP3 packets.
.TP
.I match expression
Match given expression in Messages' payload. If one request message matches the
given expression, the following messages within the same dialog will be also
captured.
.TP
.I bpf filter
Selects a filter that specifies what packets will be parsed. If no
\fIbpf filter\fP is given, all SIP packets seen on the selected
interface or pcap file will be displayed. Otherwise, only packets for which
\fIbpf filter\fP is `true' will be displayed.
.SH Interface
There are multiple windows to provide different information. Most of the
program windows have a help dialog with a brief description and useful
keybindings.
.SH " Call List Window"
.PP
The first window that sngrep shows is Call List window and display the
different SIP Call-Ids found in messages. The displayed columns depends on your
terminal width and your custom configuration. You can move between dialogs
with arrow keys and selected them using Spacebar. Selecting multiple dialogs
will display all them in Call flow window and Call Raw window, and will allow
to save only the selected message dialogs to a PCAP file.
.SH " Call Flow Window"
.PP
This window will a flow diagram of the selected dialogs' messages. The selected
message payload will be displayed in the right side of the window. You can move
between messages using arrow keys and select them using Spacebar. Selecting
multiple messages will display the Message Diff Window.
.SH " Call Raw Window"
.PP
This window will display the selected dialog messages in plain text. It was
designed to allow copying the messages payload easily. You can also save the
displayed information to a text file from this screen.
.SH " Column selection Window"
.PP
Columns displayed in Call List can be updated in this window. You can add or
remove columns or change their order in the list. Additionally, you can save
column state to be use in next sngrep execution.
.SH " Message Diff Window"
.PP
This window will compare two messages. Right now the comparison is done
searching each line in the other message, highlighting those not found exactly.
You can reach this window by selecting two messages using Spacebar in Call Flow
window
.SH FILES
Full paths below may vary between installations.
.PP
.I /etc/sngreprc
.IP
System\-wide configuration file. Some sngrep options can be overridden using
this file.
.PP
.I ~/.sngreprc
.IP
User's configuration file. If this file is present, options will be override
system\-wide configurations.
.SH BUGS
Please report bugs to the sngrep github project at
http://github.com/irontec/sngrep
Non-bug, non-feature-request general feedback should be sent to the
author directly by email.
.SH AUTHOR
Written by Ivan Alonso [a.k.a. Kaian] <kaian@irontec.com>.