sngrep - SIP Messages flow viewer
Bugs
Please report bugs to the sngrep github project at
http://github.com/irontec/sngrep
Non-bug, non-feature-request general feedback should be sent to the author directly by email.
Call Flow Window
This window will display a flow diagram of the selected dialogs' messages. The selected message payload will be
displayed on the right side of the window. You can move between messages using the arrow keys and select them
using Spacebar. Selecting multiple messages will display the Message Diff Window.
Call List Window
The first window that sngrep shows is the Call List window, which displays the different SIP Call-Ids found in
messages. The displayed columns depend on your terminal width and your custom configuration. You can
move between dialogs with the arrow keys and select them using Spacebar. Selecting multiple dialogs will
display all of them in the Call Flow window and Call Raw window, and will allow saving only the selected
dialogs' messages to a PCAP file.
Call Raw Window
This window will display the selected dialog messages in plain text. It was designed to allow copying the
message payloads easily. You can also save the displayed information to a text file from this screen.
Column Selection Window
Columns displayed in Call List can be updated in this window. You can add or remove columns or change
their order in the list. Additionally, you can save the column state to be used in the next sngrep execution.
Description
sngrep is a terminal tool that groups SIP (Session Initiation Protocol) Messages by Call-Id, and displays
them in arrow flows similar to those used in SIP RFCs. The aim of this tool is to make the process
of learning or debugging SIP easier. It recognizes UDP, TCP and partially TLS SIP packets and understands bpf
filter logic in the same way ngrep(8) and tcpdump(1) do.
Files
Full paths below may vary between installations.
/etc/sngreprc
System-wide configuration file. Some sngrep options can be overridden using this file.
~/.sngreprc
User's configuration file. If this file is present, its options will override system-wide
configurations.
Interface
There are multiple windows to provide different information. Most of the program windows have a help
dialog with a brief description and useful keybindings.
Message Diff Window
This window will compare two messages. Right now the comparison is done by searching for each line in the other
message and highlighting those not found exactly. You can reach this window by selecting two messages using
Spacebar in the Call Flow window.
Name
sngrep - SIP Messages flow viewer
Options
-h Display help and usage information.
-V Display version information.
-c Only capture dialogs starting with an INVITE request.
-r Store RTP packets payload in memory (enables saving RTP to pcap).
-i Make match expression case insensitive.
-v Invert match expression.
-I pcap_dump
Read packets from pcap file instead of network devices. This option can be used with bpf filters.
-O pcap_dump
Save all captured packets to a pcap file. This option can be used with bpf filters. When receiving
a SIGUSR1 signal sngrep will reopen the pcap file in order to facilitate pcap file rotation.
-B buffer
Change size of pcap capture buffer (default: 2MB).
-d dev Use this capture device instead of the default (any). Accepts the special keyword 'any', a device name like 'eth0'
or a comma-separated list like 'eth1,eth3'. This overrides the settings in the configuration file.
-k keyfile
Use private keyfile to decrypt TLS packets.
-l limit
Change default capture limit (20000 dialogs). Limit must be a numeric value above 1 and cannot be
disabled. This is both a security measure to avoid unlimited memory usage and also used internally
in sngrep to manage hash table sizes.
-R Remove oldest dialog when the capture limit has been reached. Although not recommended, this can be used
to keep sngrep running for long periods with some control over consumed memory.
-N Don't display sngrep interface, just capture.
-q Don't print captured dialogs in no interface mode.
-H Send captured packets to a HEP server (like Homer or another sngrep). Argument must be an IP
address and port in the format: udp:A.B.C.D:PORT
-L Start a HEP server listening for packets. Argument must be an IP address and port in the format:
udp:A.B.C.D:PORT
-E Enable parsing of captured HEP3 packets.
matchexpression
Match given expression in Messages' payload. If one request message matches the given expression,
the following messages within the same dialog will also be captured.
bpffilter
Selects a filter that specifies what packets will be parsed. If no bpffilter is given, all SIP
packets seen on the selected interface or pcap file will be displayed. Otherwise, only packets
for which bpffilter is `true' will be displayed.
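The pcap rotation that -O and SIGUSR1 make possible, shown as an added example that is not part of sngrep itself. The function name rotate_pcap, the capture path in the comment, and the timestamp suffix are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: rotate the pcap written by a headless capture such as
#   sngrep -N -q -O /var/tmp/sip.pcap &      (path is an assumption)
# relying on the documented behaviour that sngrep reopens the -O file
# when it receives SIGUSR1.

# rotate_pcap PCAP_FILE PID
# Renames the live capture file, signals the capturing process so it
# reopens PCAP_FILE, and prints the name of the rotated file.
rotate_pcap() {
    pcap=$1
    pid=$2

    # Refuse to act on a missing file or a process that is not running,
    # so a stale PID never leaves the capture path without a writer.
    [ -f "$pcap" ] || { echo "no such capture file: $pcap" >&2; return 1; }
    kill -0 "$pid" 2>/dev/null || { echo "process $pid not running" >&2; return 1; }

    rotated="$pcap.$(date +%Y%m%d-%H%M%S)"

    # A rename in the same directory does not disturb the descriptor the
    # capturing process already holds; packets written before the signal
    # arrives land in the rotated file.
    mv -- "$pcap" "$rotated" || return 1

    # Captures contain SIP signalling (and RTP payload when -r is used),
    # so keep the archived file readable by its owner only.
    chmod 600 "$rotated" || return 1

    # Ask the capturing process to reopen the original path.
    kill -USR1 "$pid" || return 1

    printf '%s\n' "$rotated"
}
```

Call it from cron or a timer as `rotate_pcap /var/tmp/sip.pcap "$(cat /run/sngrep.pid)"`, where the PID file location is likewise an assumption.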
Synopsis
sngrep [-hVcivlkNqEr] [-IOpcap_dump] [-ddev] [-llimit] [-kkeyfile] [-LHcapture_url] [<matchexpression>] [<bpffilter>]
