How to capture a tcpdump when encountering telephony/SIP PBX issues

Here are general instructions on how to run a tcpdump capture.

1. First login to the Asterisk server as root.
2. Issue a “screen -S tcp”, where “tcp” is the name of the screen session that you are starting.
3. Issue a “tcpdump -s0 -i eth1 -w tcpMMDD.log port 5060”, where the “MMDD” in the tcpdump line is the 2-digit month and 2-digit day.

You should now see something like the following:

tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes

4. Now you need to detach from the screen: hit “CTRL a” followed by “CTRL d”.

5. To reattach to the screen session that is running the tcpdump after detaching, hit “CTRL a”.

6. To terminate the tcpdump, hit “CTRL c”.

NOTE: If there is other SIP traffic, such as from SIP phones registered with the Asterisk box, then you want to add “and host <ip address that SIP traffic goes to provider on>” to the tcpdump command. This restricts the dump to only traffic between the Asterisk box and the specific IP address.
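The steps above, wrapped into one script as an added example (not part of the original instructions): it builds the same capture filter and file name, starts the capture in a detached screen session, and stops it cleanly. The interface, provider address and MMDD values are caller-supplied assumptions.

```shell
#!/bin/sh
# Added example: automate the SIP capture procedure described above.

# Capture filter: SIP signalling only, optionally limited to traffic
# between this box and one provider address (see NOTE above).
sip_filter() {
    host="$1"
    if [ -n "$host" ]; then
        printf 'port 5060 and host %s' "$host"
    else
        printf 'port 5060'
    fi
}

# Capture file name tcpMMDD.log; MMDD defaults to today's month/day.
capture_file() {
    mmdd="${1:-$(date +%m%d)}"
    printf 'tcp%s.log' "$mmdd"
}

# Full tcpdump command line: -s0 keeps whole packets, -w writes raw pcap.
# Arguments: interface, optional provider host, optional MMDD override.
capture_cmd() {
    iface="$1"; host="$2"; mmdd="$3"
    printf 'tcpdump -s0 -i %s -w %s %s' \
        "$iface" "$(capture_file "$mmdd")" "$(sip_filter "$host")"
}

# Start the capture detached in a screen session named "tcp" so it
# survives logout; run as root on the Asterisk box.
start_capture() {
    screen -dmS tcp sh -c "$(capture_cmd "$1" "$2")"
}

# Send Ctrl-C into the session so tcpdump flushes and closes the file.
stop_capture() {
    screen -S tcp -p 0 -X stuff "$(printf '\003')"
}
```

Reattach to the running session with `screen -r tcp`, and detach again with CTRL a then CTRL d.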

See Solutions “How to use the tcpdump utility” for more information on the tcpdump command and its most often used options.