Hi everybody,

When I execute "./bootstrap.sh" It gives me the following error:

[root@pbx sngrep]# ./bootstrap.sh
Generating the configure script …
aclocal:configure.ac:4: warning: macro `AM_SILENT_RULES’ not found in library
configure.ac:4: error: possibly undefined macro: AM_SILENT_RULES
If this token and others are legitimate, please use m4_pattern_allow.
See the Autoconf documentation.

[root@pbx sngrep]#

I have CentOS 5.10 / 64.

Is this a bug?

Best regards,

Ramses

Hi,

When I push any function keys in the panel appears the question " Are you sure you want to quit?".

This occurs with any function key.

I have installed "mc" and "htop" and the function keys work well.

Thanks,

Ramses

Hi,
I've been playing with sngrep a bit on a test PBX, and I find that it crashes after being run for a few minutes. It's not a consistent amount of time, so I assume it's crashing when some data goes in or out and the parser fails. I'd love to be able to give more info, but i'm not really sure how to collect it. I have a pcap of it happening, but need to go through and scrub any passwords/private info out of it before posting. Anything else I should do?

Hola,

Como he comentado, estoy usando Putty 0.63.

Para que me aparezcan correctamente las líneas de los marcos de, por ejemplo, el "mc", tengo configurado Putty (Windows -> Translarion -> Remote Character Set) en UTF-8.

Cuando ejecuto "sngrep" con esa codificación las líneas de los marcos del panel, flechas, etc, me salen códigos raros y tengo que cambiar la codificación, por ejemplo, a ISO-8859.

¿Se puede adaptar para no tener que ir cambiando de una codificación a otra?.

Saludos

after "./configure && make", a number of files got modified by automake:

#       modified:   Makefile.in
#       modified:   aclocal.m4
#       modified:   config/Makefile.in
#       modified:   configure
#       modified:   doc/Makefile.in
#       modified:   src/Makefile.in

It's better to remove all autogenerated files completely from the repository, and run "autoreconf" after cloning.

here's an example of .gitignore:
https://github.com/ssinyagin/spsid-server/blob/master/.gitignore

I'm at f8d78a7 in branch fix_monochrome.

I launch xterm in default geometry (80x24), and then F10, and select "SIP From", "SIP To", and "Time", and deselect all other columns.

sngrep displays only Sip From correctly. The second column has number "1", then space, then time. If deselect "Time", there's still "1" in the second column (time disappears).

Segmentation fault issue when track with second ACK

a nice to have feature request: a shortcut key that would stop the running capture.

Sometime when I have to deal with slow connections (e.g, 3G), I am using mosh instead of ssh:

• https://mosh.mit.edu

mosh is forcing the locales to UTF-8 and that might be the reason sngrep is no longer displaying the graphics as usual. For example, the arrow for signaling diagram is like:

x qqqqqqqqqqqqqqqqqqqqqqqqqq> x

Otherwise, the settings are the same -- I connect with ssh from same terminal app to same server and all ok, using mosh instead of ssh breaks the graphics.

The output is still usable, just wanted to point it here in case there is something easy to fix. mosh is available on most of linux distros by now, reuses ssh for authentication, has clients for mobile, so might be good to have sngrep working properly, if not a big investment -- I consider this more as an enhancement than a bug now.

[23270.047015] sngrep[22010]: segfault at 7fbc06b15ba8 ip 00007fbc0767436d sp 00007fbc06ad0ea0 error 4 in libpcap.so.1.3.0[7fbc0766a000+2f000]

test use hping3 with sip flood to sip server . and run sngrep at sip server

hping3 -i u1000 -2 --spoof 192.168.1.12 -p 5060 192.168.1.1 -E register -d 650

file 'register' with 650 bytes . one register cap

Filter dialog is .. sometimes usefull, but I will be nice to have a small textbox in call list for filtering the displayed rows.

This filter will be applied to the displayed text in each row, so it could be used to match an address, method or whatever columns are displayed.

Sngrep sip parser using strings scan is fast but simple and not compliant with any RFC.
Maybe using a library, like libosip[1] could be a nice addition, at the cost of adding an extra dependency.

[1] http://www.gnu.org/software/osip/

This is a request for a new features.

It would be easier to refer to a call in a trace by its index number. If the trace has just a few calls, it is not a problem to figure out its index, but for large traces it can take a lot to count.

One can refer to a call by caller+callee+time or call-id, but that takes time to localize.

Not being a ncurses developer, nor that much familiar with sngrep code, if it would not be much effort, I think it would be useful to just say "look the 25th call in the trace", then one can navigate with the cursor and open the 25th call, provided that there is a column displaying the index of each call.

Hi,

would be cool if I could set the filter-settings from F7 as an argument,
something like:

sngrep port 5060 --no-options

┌────────────────────────────────────────────────┐
│                 Filter options                 │
├────────────────────────────────────────────────┤
│  Enable filters [*]                            │
├────────────────────────────────────────────────┤
│  SIP From:                                     │
│  SIP To:                                       │
│  Source:                                       │
│  Destiny:                                      │
├────────────────────────────────────────────────┤
│  REGISTER   [*]        OPTIONS    [ ]          │
│  INVITE     [*]        PUBLISH    [*]          │
│  SUBSCRIBE  [*]        MESSAGE    [*]          │
│  NOTIFY     [*]                                │
├────────────────────────────────────────────────┤
│          [ Filter ]         [ Cancel ]         │
└────────────────────────────────────────────────┘

is this possible to add?

Br
Sebastian Thörn

I think libpcap is the way to go when capturing packages instead of parsing ngrep output.

I am not sure how many special ngrep flags are really useful or used, but removing ngrep and stdbuf dependencies will be, most probably, better in all cases.

Congratulations for your work and thanks for sharing. I compiled the application on RedHat and working correctly, but the ncurses interface shows wite characters instead solid colors, the color of the fonts and bakcground color work fine, Do you know the possible cause of this error? I'm using ncurses 5.7

Cheers!

trace sip packet incorrect , loss TRANSFER / REFER message

Hi, i could install sngrep after install some extra packages in elastix 2.0 but when i run the command sngrep --help y got the error:

"./sngrep: error while loading shared libraries: libpcap.so.1: cannot open shared object file: No such file or directory"

And i have this about libpcap:

find * | grep libpcap.so
usr/lib64/libpcap.so.0
usr/lib64/libpcap.so.0.9.4
usr/lib64/libpcap.so.0.9
usr/lib/libpcap.so.0
usr/lib/libpcap.so.0.9.4
usr/lib/libpcap.so.0.9
usr/src/libpcap-1.4.0/libpcap.so.1.4.0

My question is: Do i have to install the version 1 of libpcup?
Can i edit sngrep to use any of my installed version of libpcap?

Thanks

Sorry my english...

Modiy sip header parser to allow TCP packets.

Hello:

I had downloaded the last version, after the compile, when analize a file, the sngrep don't see any messages SIP. Thanks

Regards.
Carlos Sanz

trace sip packet incorrect , loss PRACK message

I happened upon the single keystroke action support in the Help menu that are alternates for the Function keys highlighted in the status bar in the bottom of sngrep. I'm very used to tools such as bash, less/more and vim and would love to see additional keybindings available in sngrep.

1. SIP Messages Flow Viewer, Raw Viewer
   1. CTRL-f = Page Down (less/more)
   2. CTRL-b = Page Up (less/more)
   3. CTRL-d = Page Down half window (less/more)
   4. CTRL-u = Page Up half window (less/more)
   5. k = Down Arrow (vim, less/more)
   6. j = Up Arrow (vim, less/more)
2. Filter Dialog Box Text Inputs (SIP From/To, Source, Destination), Filter Display Input
   1. CTRL-u = Delete input (bash)
   2. CTRL-a = Move cursor to start of the input field (bash)
   3. CTRL-e = Move cursor to the end of the input field (bash)

A good overview of Bash keyboard shortcuts can be found here: http://ss64.com/bash/syntax-keyboard.html

Some less keyboard shortcuts: http://ss64.com/bash/less.html

An additional request would be to allow sngrep to show the single character keybindings in the hint bar at the bottom of the screen for those who are less function-key inclined.

crash when cap TLS call in .
sngrep -k server.key -I xxxx.pcap
i had upload pcap file and ssl key

Hola,

Cuando realizo una captura guardando el contenido en un fichero con la opción -O, además de las trazas me mete alguna basura de este tipo:

*sëTÐ XXÄ4k"óE`HRÅ@ÈÀšÈúÀšÈlÄÄ4þOPTIONS sip:[email protected]:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.0.20:5060;branch=z9hG4bK126e75e5
Max-Forwards: 70
From: "Unknown" sip:[email protected];tag=as44d6986b
To: sip:[email protected]:5060
Contact: sip:[email protected]:5060
Call-ID: [email protected]:5060
CSeq: 102 OPTIONS
User-Agent: FPBX-2.11.0(11.7.0)
Date: Mon, 23 Feb 2015 18:36:26 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
Content-Length: 0

Como vemos, delante del OPTIONS hay códigos raros...

¿Hay forma de que esa "basura" no quede reflejada en el fichero?

Saludos

I've got a PC Engines APU box http://www.pcengines.ch/apu.htm that I've installed OpenBSD 5.6 on. I get the following errors when building sngrep.

# make
Making all in src
make  all-am
if gcc -DHAVE_CONFIG_H -I. -I. -I.      -g -O2 -MT capture.o -MD -MP -MF ".deps/capture.Tpo" -c -o capture.o capture.c;  then mv -f ".deps/capture.Tpo" ".deps/capture.Po"; else rm -f ".deps/capture.Tpo"; exit 1; fi
In file included from capture.h:40,
                 from capture.c:35:
/usr/include/netinet/if_ether.h:137: error: field 'ea_hdr' has incomplete type
In file included from capture.c:35:
capture.h:99: error: expected specifier-qualifier-list before 'pthread_t'
capture.c: In function 'parse_packet':
capture.c:274: error: incompatible type for argument 1 of 'sip_load_message'
capture.c: In function 'capture_close':
capture.c:304: error: 'capture_info_t' has no member named 'capture_t'
capture.c: In function 'capture_launch_thread':
capture.c:321: error: 'capture_info_t' has no member named 'capture_t'
capture.c: In function 'capture_set_bpf_filter':
capture.c:348: warning: passing argument 3 of 'pcap_compile' discards qualifiers from pointer target type
capture.c: In function 'datalink_size':
capture.c:447: error: 'DLT_LINUX_SLL' undeclared (first use in this function)
capture.c:447: error: (Each undeclared identifier is reported only once
capture.c:447: error: for each function it appears in.)
capture.c: In function 'lookup_hostname':
capture.c:499: error: 'AF_INET' undeclared (first use in this function)
*** Error 1 in src (Makefile:277 'capture.o')
*** Error 1 in src (Makefile:174 'all')
*** Error 1 in /usr/src/sngrep-master (Makefile:231 'all-recursive')
#                                                     

It seems as though ./bootstrap.sh and ./configure have no problems themselves.

# ./bootstrap.sh                                                                                                                                                                                        
Generating the configure script ...
# ./configure                                                                                                                                                                                           
configure     configure.ac  
# ./configure 
checking for a BSD-compatible install... /usr/bin/install -c
checking for gawk... no
checking for mawk... no
checking for nawk... no
checking for awk... awk
checking whether make sets $(MAKE)... yes
checking for style of include used by make... GNU
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables... 
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking dependency style of gcc... gcc3
checking how to run the C preprocessor... gcc -E
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking minix/config.h usability... no
checking minix/config.h presence... no
checking for minix/config.h... no
checking whether it is safe to define __EXTENSIONS__... yes
checking for gcc... (cached) gcc
checking whether we are using the GNU C compiler... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking for gcc option to accept ISO C89... (cached) none needed
checking dependency style of gcc... (cached) gcc3
checking for g++... g++
checking whether we are using the GNU C++ compiler... yes
checking whether g++ accepts -g... yes
checking dependency style of g++... gcc3
checking for a BSD-compatible install... /usr/bin/install -c
checking whether ln -s works... yes
checking for egrep... (cached) /usr/bin/grep -E
checking for pthread_create in -lpthread... yes
checking for pcap_open_offline in -lpcap... yes
checking pcap.h usability... yes
checking pcap.h presence... yes
checking for pcap.h... yes
checking ncurses.h usability... yes
checking ncurses.h presence... yes
checking for ncurses.h... yes
checking for initscr in -lncurses... yes
checking for new_panel in -lpanel... yes
checking for new_form in -lform... yes
checking for new_item in -lmenu... yes

 ██╗██████╗  ██████╗ ███╗   ██╗████████╗███████╗ ██████╗
 ██║██╔══██╗██╔═══██╗████╗  ██║╚══██╔══╝██╔════╝██╔════╝
 ██║██████╔╝██║   ██║██╔██╗ ██║   ██║   █████╗  ██║     
 ██║██╔══██╗██║   ██║██║╚██╗██║   ██║   ██╔══╝  ██║     
 ██║██║  ██║╚██████╔╝██║ ╚████║   ██║   ███████╗╚██████╗
 ╚═╝╚═╝  ╚═╝ ╚═════╝ ╚═╝  ╚═══╝   ╚═╝   ╚══════╝ ╚═════╝

configure: 
configure: sngrep configure finished                                    
configure: ======================================================       
configure: OpenSSL Support              : no                    
configure: Unicode Support              : no                            
configure: Perl Expressions Support     : no              
configure: IPv6 Support                 : no              
configure: ======================================================       
configure: 
configure: creating ./config.status
config.status: creating Makefile
config.status: creating src/Makefile
config.status: creating config/Makefile
config.status: creating doc/Makefile
config.status: creating src/config.h
config.status: executing depfiles commands

Thanks for the great application!!
I downloaded the source code version directly from github and I'm having issues compiling it. The ./configure is fine, but when I execute make I get the next error:

Making all in src
make[1]: se ingresa al directorio /usr/local/src/sngrep/src' CC exec.o In file included from exec.c:32:0: ui_manager.h:69:33: error: unknown type name ‘sip_msg_t’ ui_manager.h:88:6: error: nested redefinition of ‘enum sngrep_colors’ ui_manager.h:88:6: error: redeclaration of ‘enum sngrep_colors’ In file included from /usr/include/unctrl.h:54:0, from /usr/include/ncurses.h:1657, from ui_manager.h:39, from exec.c:32: /usr/local/include/curses.h:40:6: note: originally defined here In file included from exec.c:32:0: ui_manager.h:91:5: error: redeclaration of enumerator ‘HIGHLIGHT_COLOR’ In file included from /usr/include/unctrl.h:54:0, from /usr/include/ncurses.h:1657, from ui_manager.h:39, from exec.c:32: /usr/local/include/curses.h:41:5: note: previous definition of ‘HIGHLIGHT_COLOR’ was here In file included from exec.c:32:0: ui_manager.h:93:5: error: redeclaration of enumerator ‘HELP_COLOR’ In file included from /usr/include/unctrl.h:54:0, from /usr/include/ncurses.h:1657, from ui_manager.h:39, from exec.c:32: /usr/local/include/curses.h:42:5: note: previous definition of ‘HELP_COLOR’ was here In file included from exec.c:32:0: ui_manager.h:95:5: error: redeclaration of enumerator ‘OUTGOING_COLOR’ In file included from /usr/include/unctrl.h:54:0, from /usr/include/ncurses.h:1657, from ui_manager.h:39, from exec.c:32: /usr/local/include/curses.h:43:5: note: previous definition of ‘OUTGOING_COLOR’ was here In file included from exec.c:32:0: ui_manager.h:97:5: error: redeclaration of enumerator ‘INCOMING_COLOR’ In file included from /usr/include/unctrl.h:54:0, from /usr/include/ncurses.h:1657, from ui_manager.h:39, from exec.c:32: /usr/local/include/curses.h:44:5: note: previous definition of ‘INCOMING_COLOR’ was here In file included from exec.c:32:0: ui_manager.h:99:5: error: redeclaration of enumerator ‘DETAIL_BORDER_COLOR’ In file included from /usr/include/unctrl.h:54:0, from /usr/include/ncurses.h:1657, from ui_manager.h:39, from exec.c:32: /usr/local/include/curses.h:45:5: note: previous definition of ‘DETAIL_BORDER_COLOR’ was here In file included from exec.c:32:0: ui_manager.h:109:6: error: nested redefinition of ‘enum panel_types’ ui_manager.h:109:6: error: redeclaration of ‘enum panel_types’ In file included from /usr/include/unctrl.h:54:0, from /usr/include/ncurses.h:1657, from ui_manager.h:39, from exec.c:32: /usr/local/include/curses.h:53:6: note: originally defined here In file included from exec.c:32:0: ui_manager.h:112:5: error: redeclaration of enumerator ‘MAIN_PANEL’ In file included from /usr/include/unctrl.h:54:0, from /usr/include/ncurses.h:1657, from ui_manager.h:39, from exec.c:32: /usr/local/include/curses.h:54:5: note: previous definition of ‘MAIN_PANEL’ was here In file included from exec.c:32:0: ui_manager.h:114:5: error: redeclaration of enumerator ‘DETAILS_PANEL’ In file included from /usr/include/unctrl.h:54:0, from /usr/include/ncurses.h:1657, from ui_manager.h:39, from exec.c:32: /usr/local/include/curses.h:56:5: note: previous definition of ‘DETAILS_PANEL’ was here In file included from exec.c:32:0: ui_manager.h:116:5: error: redeclaration of enumerator ‘DETAILS_EX_PANEL’ In file included from /usr/include/unctrl.h:54:0, from /usr/include/ncurses.h:1657, from ui_manager.h:39, from exec.c:32: /usr/local/include/curses.h:57:5: note: previous definition of ‘DETAILS_EX_PANEL’ was here In file included from exec.c:32:0: ui_manager.h:118:5: error: redeclaration of enumerator ‘RAW_PANEL’ In file included from /usr/include/unctrl.h:54:0, from /usr/include/ncurses.h:1657, from ui_manager.h:39, from exec.c:32: /usr/local/include/curses.h:58:5: note: previous definition of ‘RAW_PANEL’ was here In file included from exec.c:32:0: ui_manager.h:181:30: error: unknown type name ‘sip_msg_t’ ui_manager.h:247:1: error: conflicting types for ‘wait_for_input’ In file included from /usr/include/unctrl.h:54:0, from /usr/include/ncurses.h:1657, from ui_manager.h:39, from exec.c:32: /usr/local/include/curses.h:101:6: note: previous declaration of ‘wait_for_input’ was here In file included from exec.c:32:0: ui_manager.h:273:20: error: unknown type name ‘sip_msg_t’ exec.c: In function ‘online_capture’: exec.c:82:22: warning: assignment makes pointer from integer without a cast [enabled by default] make[1]: *** [exec.o] Error 1 make[1]: se sale del directorio/usr/local/src/sngrep/src'
make: *** [all-recursive] Error 1

it would be nice to have an option or command-line switch that ignores the OPTIONS sessions and does not display them on the list of calls. Otherwise it's sometimes tricky to find the needed session because the screen is polluted with pings.

Segmentation fault issue when track with multi codec RTP setup stream

Hola team, primero que nada quiero felicitarlos por esta herramienta!

Les cuento mi situacion, tengo un servidor Debian Wheezy con varias interfaces "escuchando" difrentes monitor session.

Utilizo por lo general ngrep para hacer una captura con determinado numero, por ejemplo:

ngrep -d eth4 -liqt -W byline 221xxxxxxxx port 5060

El cual me da la señalizacion SIP

En cambio cuando utilizo sngrep no importa el filtro que agregue me da lo siguiente:

sngrep -d eth4

eth4: no IPv4 address assigned: No se puede asignar la dirección solicitada

Intente distintos "flavors" de comandos y siempre es el mismo, lo unico que no pasa es cuando pongo el comando con "any" pero no me trae ningun tipo de informacion.

Agradezco si pueden ayudarme con esto.

Saludos!

The remote party answered to my INVITE:
100 Trying
183 Session Progress
480 Temporarily Unavailable
Then I answer with ACK.

sngrep still shows the call as "CALL SETUP"

I can send you the packet capture privately.

issue for cap packet more 4096 bytes .

i had sent pcap file .

crash when run sngrep .

sngrep[3506]: segfault at 0 ip 0000000000404a7c sp 00007ff883a83d38 error 4 in sngrep[400000+17000]

issue come when system with ppp device . maybe same issue when with tap, tun , vlan

Is it possible to set up the filters before I launch the program (as arguments).

I'm trying to use sngrep on a heavy traffic server, and it just fills the screen too quickly if I launch it.

hi,

whatever I tried, I couldn't make sngrep display IPv6 SIP traffic. Looks like it's explicitly sniffing to IPv4 traffic only, even if I put ipv6 expression as capture filter.

Improve the way screen is used to display information

We could remove a couple of lines from titles and improve the way keybindings are displayed in order to maximize the listing and flow areas.

It would be nice to implement better vertical scrollbars.

While entering some search term in Call List display filter, the cursor is not properly displayed.

Due to #21 some colors have changed making it harder to read some sections (like titles, keybindings and columns headers).

Restore old color values keeping it also readable by monochrome terminals.

Hi,

i start using sngrep for capture calls in some clients, but in older version of debian sngrep crashs with segmentation fault after minutes of execution.

Client A

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff67d3700 (LWP 15325)]

Thread 2 (Thread 0x7ffff67d3700 (LWP 15325)):
#0  0x00007ffff6e4bbe7 in memcpy () from /lib/libc.so.6
#1  0x0000000000404242 in parse_packet (mode=<value optimized out>, header=0x7ffff67d2e40, packet=0x7ffff6bc4044 "")
    at capture.c:278
#2  0x00007ffff7350b05 in ?? () from /usr/lib/libpcap.so.0.8
#3  0x00007ffff7355109 in pcap_loop () from /usr/lib/libpcap.so.0.8
#4  0x0000000000403fac in capture_thread (none=<value optimized out>) at capture.c:390
#5  0x00007ffff71348ca in start_thread () from /lib/libpthread.so.0
#6  0x00007ffff6e9b92d in clone () from /lib/libc.so.6
#7  0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7ffff7fec700 (LWP 15309)):
#0  0x00007ffff6e909d3 in poll () from /lib/libc.so.6
#1  0x00007ffff75b065e in _nc_timed_wait () from /lib/libncurses.so.5
#2  0x00007ffff759899b in _nc_wgetch () from /lib/libncurses.so.5
#3  0x00007ffff7598c37 in wgetch () from /lib/libncurses.so.5
#4  0x0000000000409823 in wait_for_input (ui=0x616bc0) at ui_manager.c:295
#5  0x0000000000406560 in main (argc=1, argv=0x7fffffffea78) at main.c:286

Debian GNU/Linux 6.0
kernel: 2.6.32-5-amd64
libc6: 2.11.3-3
libpcap0.8: 1.1.1-2+squeeze1
sngrep build from source

Client B

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff67d6700 (LWP 12618)]

Thread 2 (Thread 0x7ffff67d6700 (LWP 12618)):
#0  0x00007ffff6ef7fc9 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x0000000000404a17 in parse_packet (mode=<optimized out>, header=0x7ffff67d5e50, packet=0x7ffff6bc3044 "")
    at capture.c:278
#2  0x00007ffff7fb5fbe in ?? () from /usr/lib/x86_64-linux-gnu/libpcap.so.0.8
#3  0x00007ffff7fbcf01 in pcap_loop () from /usr/lib/x86_64-linux-gnu/libpcap.so.0.8
#4  0x000000000040415c in capture_thread (none=<optimized out>) at capture.c:390
#5  0x00007ffff7160b50 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#6  0x00007ffff6eaae6d in clone () from /lib/x86_64-linux-gnu/libc.so.6
#7  0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7ffff7fad700 (LWP 12615)):
#0  0x00007ffff6ea0223 in poll () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007ffff738cb99 in _nc_timed_wait () from /lib/x86_64-linux-gnu/libtinfo.so.5
#2  0x00007ffff75ac402 in _nc_wgetch () from /lib/x86_64-linux-gnu/libncurses.so.5
#3  0x00007ffff75acfd5 in wgetch () from /lib/x86_64-linux-gnu/libncurses.so.5
#4  0x0000000000408be4 in wait_for_input (ui=0x616c20) at ui_manager.c:295
#5  0x0000000000403e71 in main (argc=1, argv=<optimized out>) at main.c:286

libc6:amd64: 2.13-38+deb7u4
libpcap0.8-dev: 1.3.0-1
Debian GNU/Linux 7
kernel: 3.2.0-4-amd64
sngrep built from source

Now, All captured packages are saved since ngrep is spawned in a temporal pcap.

Using lipcap, we could store the captured packaged and allow users to select which dialogs want to be saved in a new pcap file. Of course, this won't work with ngrep capture mode.

i had sent cap file to your mail

Hi I have downloaded SNGREP-MASTER.ZIP for teh GITHUB but i have the error:
root@asteriskac:/usr/src/sngrep-master# ./configure
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... configure: error: newly created file is older than distributed files!
Check your system clock

I downloaded the http://blog.voz-ip.com/wp-content/uploads/2013/06/sngrep-0.0-alpha.tar.gz and worked fine the installation, what can we do? Best Regards

Now, callflow screen displays messages that contains SDP info adding " (SDP)" to the method/response code.

I cout be useful to add a keybinding to display only messages with SDP and their address/ports next to the message method/response code .

hi again :)
If I use sngrep inside xterm with standard colors (white background, black font), the current selection in the list of calls is hard to read: black font on vivid blue is almost unreadable.

so. some better color combination is needed -- probably a bit lighter blue?

I'm at f7cf974 in master branch.

Hola! Antes de exponer el error quiero agradecer y felicitar por la herramienta, es muy buena, ya tengo experiencia usandola sobre varios Debian sin problemas.
El problema en si es que no estoy pudiendo compilar la aplicacion desde un CentOS 6.4 dejo a continuacion un log de lo que sucede.

[root@FMC-MGW-I sngrep-master]# ./configure --disable-ngrep
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking for style of include used by make... GNU
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking dependency style of gcc... gcc3
checking how to run the C preprocessor... gcc -E
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking minix/config.h usability... no
checking minix/config.h presence... no
checking for minix/config.h... no
checking whether it is safe to define EXTENSIONS... yes
checking for gcc... (cached) gcc
checking whether we are using the GNU C compiler... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking for gcc option to accept ISO C89... (cached) none needed
checking dependency style of gcc... (cached) gcc3
checking for g++... g++
checking whether we are using the GNU C++ compiler... yes
checking whether g++ accepts -g... yes
checking dependency style of g++... gcc3
checking whether ln -s works... yes
checking for egrep... (cached) /bin/grep -E
checking ncurses.h usability... yes
checking ncurses.h presence... yes
checking for ncurses.h... yes
checking for initscr in -lncurses... yes
checking for new_panel in -lpanel... yes
checking for pthread_create in -lpthread... yes
checking for pcap_open_offline in -lpcap... yes
checking pcap.h usability... yes
checking pcap.h presence... yes
checking for pcap.h... yes

         OZZZO
         OZZZO
     .:  OZZZO  :.
   :DDD. OZZZO  DDD~
 :DDDDD. OZZZO  DDDDD:
DDDDDDD. OZZZO  DDDDDDD.

.DDDDDD OZZZO .DDDDDD.
ODDDD?. OZZZO .~DDDDZ.
DDDDD. OZZZO 8DDDD
,DDDD. ..... DDDD,
~DDDD DDDD+
:DDDD. DDDD,
DDDDD 8DDDD.
ODDDD? ~DDDDZ
.DDDDDD. .DDDDDD.
.DDDDDD8. .8DDDDDD
.:DDDDDDDDDDDDDDDDDDD:.
.DDDDDDDDDDDDDDD.
.:DDDDDDDDD,.

configure:
configure: ======================================================
configure: sngrep configure finished
configure: Current Development stage: ALPHA
configure: ----------------------------------------------------
configure: ======================================================
configure:
configure: creating ./config.status
config.status: creating Makefile
config.status: creating src/Makefile
config.status: executing depfiles commands
[root@FMC-MGW-I sngrep-master]# make
Making all in src
make[1]: Entering directory /usr/src/sngrep-master/src' make[1]: Nothing to be done forall'.
make[1]: Leaving directory /usr/src/sngrep-master/src' make[1]: Entering directory/usr/src/sngrep-master'
make[1]: Nothing to be done for all-am'. make[1]: Leaving directory/usr/src/sngrep-master'
[root@FMC-MGW-I sngrep-master]#

Probe haciendo make clean y volviendo a compilar y nada. Estoy mas que interesado en instalar esta aplicacion por su gran utilidad.

Agradesco desde ya.

Saludos.

Vazu

hi again
in SecureCRT in monchrome mode, the selection is not visible on the overview screen. I will test in more detail later tonight.

show wrong for rtp stream include STUN packet

hi again :)

these two commands work:

sngrep /var/local/sip-2015-02-25--13-56-16.pcap
sngrep -c -I /var/local/sip-2015-02-25--13-56-16.pcap

but this one does not:

sngrep -c /var/local/sip-2015-02-25--13-56-16.pcap 
Couldn't parse filter /var/local/sip-2015-02-25--13-56-16.pcap : syntax error

as -I is optional, it should be always optional :)

Hello:

Thanks, the application is very good.

I have downloaded the latest version and I am trying compile but I received the following issue:

root@ubuntu-csanz:sngrep# make
Making all in src
make[1]: Entering directory /usr/src/sngrep/src' CC exec.o In file included from exec.c:33:0: ui_manager.h:69:33: error: unknown type name ‘sip_msg_t’ ui_manager.h:88:6: error: nested redefinition of ‘enum sngrep_colors’ ui_manager.h:88:6: error: redeclaration of ‘enum sngrep_colors’ /usr/local/include/curses.h:40:6: note: originally defined here ui_manager.h:91:5: error: redeclaration of enumerator ‘HIGHLIGHT_COLOR’ /usr/local/include/curses.h:41:5: note: previous definition of ‘HIGHLIGHT_COLOR’ was here ui_manager.h:93:5: error: redeclaration of enumerator ‘HELP_COLOR’ /usr/local/include/curses.h:42:5: note: previous definition of ‘HELP_COLOR’ was here ui_manager.h:95:5: error: redeclaration of enumerator ‘OUTGOING_COLOR’ /usr/local/include/curses.h:43:5: note: previous definition of ‘OUTGOING_COLOR’ was here ui_manager.h:97:5: error: redeclaration of enumerator ‘INCOMING_COLOR’ /usr/local/include/curses.h:44:5: note: previous definition of ‘INCOMING_COLOR’ was here ui_manager.h:99:5: error: redeclaration of enumerator ‘DETAIL_BORDER_COLOR’ /usr/local/include/curses.h:45:5: note: previous definition of ‘DETAIL_BORDER_COLOR’ was here ui_manager.h:109:6: error: nested redefinition of ‘enum panel_types’ ui_manager.h:109:6: error: redeclaration of ‘enum panel_types’ /usr/local/include/curses.h:53:6: note: originally defined here ui_manager.h:112:5: error: redeclaration of enumerator ‘MAIN_PANEL’ /usr/local/include/curses.h:54:5: note: previous definition of ‘MAIN_PANEL’ was here ui_manager.h:114:5: error: redeclaration of enumerator ‘DETAILS_PANEL’ /usr/local/include/curses.h:56:5: note: previous definition of ‘DETAILS_PANEL’ was here ui_manager.h:116:5: error: redeclaration of enumerator ‘DETAILS_EX_PANEL’ /usr/local/include/curses.h:57:5: note: previous definition of ‘DETAILS_EX_PANEL’ was here ui_manager.h:118:5: error: redeclaration of enumerator ‘RAW_PANEL’ /usr/local/include/curses.h:58:5: note: previous definition of ‘RAW_PANEL’ was here ui_manager.h:181:30: error: unknown type name ‘sip_msg_t’ ui_manager.h:247:1: error: conflicting types for ‘wait_for_input’ /usr/local/include/curses.h:101:6: note: previous declaration of ‘wait_for_input’ was here ui_manager.h:273:20: error: unknown type name ‘sip_msg_t’ exec.c: In function ‘run_ngrep’: exec.c:83:22: warning: assignment makes pointer from integer without a cast [enabled by default] make[1]: *** [exec.o] Error 1 make[1]: Leaving directory/usr/src/sngrep/src'
make: *** [all-recursive] Error 1

Regards.
Carlos Sanz

Another request for a new features (two of them), based on what I find useful by using more and more sngrep.

First one

It would be nice to see the duration of of the call as another column in the main view. Typically one wants to look at those calls that are very short, could be an indication that an ACK was misrouted or there was a codec mismatch.

I think that there can be two interesting values:

• 1. duration between first request of the dialog and the last - good for canceled calls to see how long the user was waiting or for calls not completed due to timeout (e.g., gateway not reacting)
• 2. duration between 200ok of the first INVITE and the BYE request (or the reply to the BYE)

It could be a single column, showing the value for 1) for all calls (dialogs), adding 2) in parenthesis for completed calls. For example, a canceled call after 20 seconds will show:

20

An answered call after 15 seconds of ringing and 60 seconds of talk will show:

75 (60)

I guess the values can be easily computed when setting the final state: REJECTED, CANCELLED or COMPLETED. Makes no sense to print and update in real time for IN CALL dialogs.

Second one

In the main view, when searching with F3, would be good to see the number of how many calls were matching. I haven't seen a status bar where it could be shown, maybe after the text in the search input field ...

As an example of usefulness: have the trace of the past day, then search for calls made by user ABC and see how many are there.

Thanks again for you time and the nice, very useful tool!