
...

The analysis window presents information about the terminals engaged in the conversation, the codec used, and statistics about the flow. You can focus, for example, on jitter and packet loss to understand why the voice quality was not good enough. From this module it is also possible to extract the content of the RTP frames and rebuild the voice as a sound file. The file is saved in WAV format, and you can listen to it with any sound player.

Parsing tcpdump Fields

Courtesy of David Witham on the FreeSWITCH Slack channel:

If you want to print certain fields in the output of tcpdump or sngrep, awk is a useful tool. If I have the example output in a file like this:

Example output of tcpdump:
$ cat tcpdump.txt
10:39:30.860838 IP 172.27.228.145.5060 > 172.27.107.222.59716: SIP: SIP/2.0 200 OK
10:39:32.530710 IP 172.27.228.145.5060 > 172.27.107.222.59716: SIP: SIP/2.0 200 OK
10:40:08.825797 IP 172.27.228.145.5060 > 172.27.107.222.61681: SIP: SIP/2.0 200 OK

Then use your grep filtering to select the desired lines and pipe that through awk to print the fields you want, e.g. the source IP and SIP message:

awk field selection:
$ cat tcpdump.txt | egrep "200 OK|403" | awk '{print $3 " " $8}'
172.27.228.145.5060 200
172.27.228.145.5060 200
172.27.228.145.5060 200

If you want to remove the port number from the IP address, split the field into an array "a" using "." (period) as the delimiter, then print the first 4 elements separated by a literal "." (period).

awk array to remove port number:
$ cat tcpdump.txt | egrep "200 OK|403" | awk '{split($3,a,"."); print a[1]"."a[2]"."a[3]"."a[4] " " $8}'
172.27.228.145 200
172.27.228.145 200
172.27.228.145 200

Note: I've used single quotes for the awk script so that I can use double quotes inside it. Or you can put a more complex awk script in a file and use the -f option. Hope this helps.
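
The same field splitting can be turned into a small reusable filter. The following is an added example, not part of the original page or David's post: it selects SIP responses by testing the awk fields instead of a separate grep, strips the port from the source address, and counts responses per source host and status code, which makes a burst of 403s from one peer easy to spot. It assumes the IPv4 tcpdump line layout shown above (field 3 is "src.ip.port", field 6 is "SIP:", field 7 is "SIP/2.0" and field 8 is the status code) and uses a constructed sample as input.

```shell
#!/bin/sh
# Added example (not from the original page): generalise the awk field
# parsing above into two filters over tcpdump's one-line SIP summaries.
# Assumes the IPv4 layout shown on the page: field 3 = "src.ip.port",
# field 6 = "SIP:", field 7 = "SIP/2.0", field 8 = status code.

# Constructed sample input modelled on the page's tcpdump lines.
SAMPLE='10:39:30.860838 IP 172.27.228.145.5060 > 172.27.107.222.59716: SIP: SIP/2.0 200 OK
10:39:32.530710 IP 172.27.228.145.5060 > 172.27.107.222.59716: SIP: SIP/2.0 200 OK
10:39:40.100000 IP 172.27.228.145.5060 > 172.27.107.222.61681: SIP: SIP/2.0 403 Forbidden
10:40:01.000000 IP 172.27.107.222.61681 > 172.27.228.145.5060: SIP: REGISTER sip:172.27.228.145 SIP/2.0
10:40:08.825797 IP 172.27.228.145.5060 > 172.27.107.222.61681: SIP: SIP/2.0 200 OK
10:40:09.000000 IP 172.27.228.150.5060 > 172.27.107.222.61681: SIP: SIP/2.0 403 Forbidden'

# sip_responses: stdin = tcpdump lines, stdout = "src_ip status" for each SIP
# response, with the port stripped from the source field. Requests (field 7
# is a method such as REGISTER) and non-SIP lines fail the field test and
# are skipped, so no separate grep is needed.
sip_responses() {
  awk '$6 == "SIP:" && $7 == "SIP/2.0" {
         split($3, a, ".")                 # a[1..4] = octets, a[5] = port
         print a[1] "." a[2] "." a[3] "." a[4], $8
       }'
}

# sip_summary: count responses per "src_ip status", one line each, sorted
# with a fixed locale so the output is stable enough to diff between runs.
sip_summary() {
  sip_responses | awk '{ n[$1 " " $2]++ } END { for (k in n) print k, n[k] }' \
    | LC_ALL=C sort
}

# Run stand-alone: print the per-host summary for the constructed sample.
printf '%s\n' "$SAMPLE" | sip_summary
```

On a live box the same filters read from a real capture, e.g. `tcpdump -nn -l port 5060 | sip_responses`; the `-l` keeps tcpdump line-buffered so awk sees each line as it arrives.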

Conclusion

IP telephony, like any application that relies heavily on the network, should be analyzed whenever a problem occurs. To be able to react quickly, my advice is to train yourself while everything is working fine and you have spare time. This will familiarize you with the tools, and even when nothing in particular is wrong it is very common to find issues on the network. Finally, don't be afraid of the protocols, even if they are complex. A proper understanding of them will be a great advantage when facing a real issue on your system.

...