VoIP Troubleshooting Tools


Asterisk

  Summary: Asterisk is a PBX engine used by many PBX systems. Asterisk currently has two SIP drivers. Chan_SIP is the legacy driver; it has been deprecated and as such isn't receiving any active development. Whenever possible you should use the PJSIP driver, as it's currently supported and receiving active development.
  • Useful Commands
    • PJSIP
      • asterisk -rx 'pjsip show aors'
      • asterisk -rx 'pjsip show endpoints'
      • asterisk -rx 'pjsip show contacts'
      • asterisk -rx 'pjsip show registrations'
    • Chan_SIP
      • asterisk -rx 'sip show peers'
      • asterisk -rx 'sip show registry'

FreePBX

  • Useful Reports
    Most of the info available via asterisk commands above can be found in Reports available in the GUI
    • Reports --> Asterisk Info

tcpdump

  Summary: tcpdump is a packet capturing application available on most Linux-based systems.

  • Commands
    • Simple tcpdump command. This creates a single UDP packet capture in /tmp/ named capture.pcap. It is useful when you can easily recreate an issue on demand and just need to start and stop a capture quickly.
      tcpdump -i any -s0 -w/tmp/capture.pcap udp
      Use Ctrl-C (or equivalent) to stop the capture
    • Rotating Capture. This creates a series of UDP packet captures in /tmp/ named capture-started-yyyymmdd-hhmmZZZ.pcap (where yyyymmdd-hhmmZZZ is year, month, day, hour, minute, timezone), rotating every 75 MB so you can purge older files as they accumulate. This is useful when you have a hard-to-recreate issue and need to leave a capture running for a while to "catch" the issue.
      Note: When leaving a capture running for an extended time you need to be aware of disk space and make sure the captures don't fill the disks.
      tcpdump -i any -s0 -w/tmp/capture-started-`date +%Y%m%d-%H%M%Z`.pcap -C75 udp
    • Unattended Rotating Capture, same as above but runs in a screen session so you can disconnect from the system and leave it running. 
      Note: you may need to install screen via "yum install screen" or "apt-get install screen"
      screen -dm tcpdump -i any -s0 -w/tmp/capture-started-`date +%Y%m%d-%H%M%Z`.pcap -C75 udp
      • To list the screen session(s) 
        screen -list
      • To connect to a screen session
        screen -x zzzz (where zzzz is the id of the screen session listed above)
      • To disconnect from the Screen Session leaving it running in the background Press Ctrl+A then D
      • To stop the capture and kill the Screen Session Press Ctrl+A then K and y to confirm.
  • Filters
    • Usually with SIP calls you want both the SIP and RTP traffic so you can see the signaling and audio at the same time.  Since the signaling is on UDP (by default) and the audio can be on any random UDP port it's usually best to capture all UDP traffic.
      example: tcpdump -i any -s0 -w/tmp/capture.pcap udp
    • If you're only concerned with the SIP Signalling or have privacy concerns you can capture just the SIP traffic by specifying the SIP port and Transport Protocol
      example: tcpdump -i any -s0 -w/tmp/capture.pcap port 5060 and udp
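
The disk-space note for the rotating capture above can be enforced with a small pruning script run from cron or a loop. This is an added example, not part of the original page; the function name prune_captures, its arguments and the script name are assumptions, and it relies on the capture-started- file naming used above.

```shell
#!/usr/bin/env bash
# Added example: keep rotated tcpdump captures under a disk budget.
# prune_captures and its arguments are illustrative names, not tcpdump options.

# prune_captures DIR MAX_MB [PREFIX]
#   Walks DIR/PREFIX*.pcap* newest-first, summing sizes, and deletes every
#   file from the point where the running total exceeds MAX_MB (millions of
#   bytes, the same unit tcpdump -C uses). The newest file is always kept
#   because tcpdump may still be writing to it.
#   Prints the number of files removed.
prune_captures() {
    local dir="$1" budget=$(( $2 * 1000000 )) prefix="${3:-capture-started-}"
    local total=0 removed=0 newest=1 list f size

    # ls -t sorts by modification time, newest first. Parsing ls is acceptable
    # here only because the names come from the date pattern used above.
    list=$(ls -td -- "$dir"/"$prefix"*.pcap* 2>/dev/null || true)

    while IFS= read -r f; do
        [ -n "$f" ] || continue                       # no captures matched
        size=$(wc -c <"$f" 2>/dev/null) || continue   # file vanished meanwhile
        total=$(( total + size ))
        if [ "$newest" -eq 0 ] && [ "$total" -gt "$budget" ]; then
            rm -f -- "$f" && removed=$(( removed + 1 ))
        fi
        newest=0
    done <<EOF
$list
EOF
    echo "$removed"
}

# When run as a script, e.g.: ./prune-captures.sh /tmp 1500
if [ "$#" -ge 2 ]; then
    prune_captures "$@"
fi
```

tcpdump can also cap the number of files itself: combined with -C, its -W option limits the file count and overwrites the oldest file, turning the rotation into a ring buffer.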


sngrep

  Summary: sngrep is a command-line packet capturing and analysis tool that is useful for real-time troubleshooting.
  • Install
    • CentOS/Fedora/Redhat based systems
      yum install sngrep
      or
      dnf install sngrep
  • Switches
    • Run
      sngrep
    • Run with RTP
      -r
    • Run only Capturing Calls (Invites)
      -c


Wireshark

  • Filters
    • Filter For SIP Notifies, i.e. MWI Polls & Reboot requests:
      sip.Method == "NOTIFY"

    • Filter For SIP Invites:
      sip.Method == "INVITE"

    • Filter For SIP Options (Qualify):
      sip.Method == "OPTIONS"
      • Tracing Qualify Packets:
        • Find the Options Packet via:
          sip.Method == "OPTIONS"
          expand SIP > Message Header, find the Call-ID and search for packets with that Call-ID via:
          sip.Call-ID == "blahblah@IPAddr:Port"

    • Filter for DTMFs
      rtpevent

    • Show all SIP Invites and Ringing
      sip.Method == "INVITE" or sip.Status-Code == 180

    • Find SIP Notifies, i.e. MWI Polls & Reboot requests
      • Examples:
        sip.Method == "NOTIFY"
        sip.Method == "NOTIFY" && sip contains "Messages-Waiting:"
        sip.Method == "NOTIFY" && sip contains "Messages-Waiting: no"
        sip.Method == "NOTIFY" && sip contains "Messages-Waiting: yes"

    • Find reboots (reference /etc/asterisk/sip_notify_additional.conf for the event type, i.e. "check-sync")
      sip.Event == "check-sync"

    • Find calls to/from a number
      sip contains "123456789"

    • Find calls to a number
      sip.To contains "123456789"

    • Find calls from a number
      sip.From contains "123456789"

    • Extract a single call and audio from pcap
      Telephony --> VoIP Calls, Find Call --> Flow
      Select Invite Packet, Find [Call-ID] (SIP > Message Header)
      Select First RTP IN Packet, Find Synchronization Source identifier [RTP ID IN] (under Real-Time Transport Protocol)
      Select First RTP OUT Packet, Find Synchronization Source identifier [RTP ID OUT] (under Real-Time Transport Protocol)
      sip.Call-ID == "[Call-ID]" or rtcp.senderssrc == [RTP ID IN] or rtcp.senderssrc == [RTP ID OUT] or rtp.ssrc == [RTP ID IN] or rtp.ssrc == [RTP ID OUT]







