Recent Searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            1. Bicom Systems
            2. Solution home
            3. PBXware
            4. HOWTOs

            Troubleshooting :: HOWTO Using SNGREP

            Adisa Aljukic
            Modified on: Wed, 24 Jan, 2024 at 10:05 AM

            Running SNGREP for a long time can cause the system crash.


            SNGREP is a tool for displaying SIP messages flows. It supports live capture to display realtime SIP packets and can also be used as a PCAP viewer.

            After users ssh into their system, they need to execute this command to enter SNGREP: /opt/pbxware/sh/sngrep

            PBXwareMT_support ~ # /opt/pbxware/sh/sngrep -r


            • SC Quit: Escape and quit SNGREP.
            • Enter: Show more information about the highlighted line item.
            • Space: After pressing the spacebar, the line is selected. With this, a user can select multiple lines and can be used with the F2 Save option.
            • F1 Help: Gives the help menu.
            • F2 Save: Option to save the current capture session dialogs to a .pcap or .txt to a specific path and file name.
            • F3 Search: Gives the option to search in a more specific and granular way.
            • F4 Extended: Gives the extended view.
            • F5 Clear: Clear the screen.
            • F7 Filter: Like Search but with more options to filter the end result.
            • F8 Settings: Adjust the SNGREP settings interface, capture options, call flow options, and EEP/HEP Homer options.
            • F10: Adjust what columns are displayed on the open SNGREP window.


            When a user presses F7, the 'Filter options window' will open as shown in the picture below.

            In the example below, we will select only INVITE for the easiest finding of relevant entries.



            Example:



            Press Enter to check the entry.



            If a user wants to check 'RTP' on a live call, s(he) needs to open INVITE with Enter and then press F3.

            F2 is for 'SDP' and F3 for 'RTP'.


            SNGREP can save selected call legs to a PCAP file for further analysis using Wireshark.

            To do this, select the required call legs by hitting the space bar.



            Once a user selects the required call legs, s(he) needs to press F2 and after that the 'Save capture' window will open like in the picture below.




            PCAP will be saved under /opt/pbxware/pw.

            If we navigate to the /opt/pbxware/pw folder, we will see that the pcap file is saved.

            PBXwareMT_support /opt/pbxware/pw # ls -lah | grep test.pcap
            -rw-r--r-- 1 root root 9.4K Apr 6 18:21 test.pcap



            NOTE: Please note that SNGREP can not run on the system actively for a long time. This process needs to be supervised, especially if you are running it in your working hours. Please make sure to clean the window with F5 regularly, as there is a limitation on how many packets can be captured. 



            Articles in this folder

            You may like to read

            Preview
            0 of 0