Need to store raw sip message


I am working on a project where i have to capture incoming raw sip message like below -

<--- Received SIP request (968 bytes) from UDP:xx.xx.xx.xx:5060 --->
INVITE sip:xxxxxxxxxx@xx.xx.xx.xx:5060 SIP/2.0
Via: SIP/2.0/UDP xx.xx.xx.xx:5060;branch=asdfasdfasdf
Max-Forwards: 69
From: "[V] xxxxxxxxxx" <sip:xxxxxxxxxx@xx.xx.xx.xx>;tag=dsdsd
To: <sip:xxxxxxxxxx@xx.xx.xx.xx>
Contact: <sip:xxxxxxxxxx@xx.xx.xx.xx:5060;transport=udp>
Call-ID: asdfasdfasdfwe23@xx.xx.xx.xx:5060
CSeq: 102 INVITE
User-Agent: packetrino
Date: Mon, 14 Jul 2013 06:15:30 GMT
Supported: replaces
X-Outbound: dddddd-xx.xx.xx.xx
Content-Type: application/sdp
Content-Length: 322

o=root 33333 333333 IN IP4 xx.xx.xx.xx
s=Asterisk PBX 16.8.0
c=IN IP4 xx.xx.xx.xx
t=0 0
m=audio 26626 RTP/AVP 0 8 18 3 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=rtpmap:3 GSM/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16

Please advise how can i capture this in a file or if I can use any system pre defined variables.

I am using Asterisk 20.3.0 and PJSIP

I would use tcpdump to perform the packet capture, and tshark to perform the


I use ‘pcapsipdump’.

It is a bit more ‘SIP feature specific’ than tcpdump.

Each call creates a new file. You can include RTP in the file if desired.

Both pcapsipdump and tcpdump capture packets. You will need to ‘format’ the packets using tcpdump, sngrep, wireshark, etc, to fulfill your request.

You could also configure Asterisk to log the packets it sees and sends.

Note that packet capture programs see incoming packets before iptables and IIRC see outbound packets after iptables. Thus, they may see things that never make it to/from Asterisk and your endpoint.

also sngrep is a usfull tool

and if you want a large scale solution
on asterisk you configire hep.conf to point at you homer server

Can I embedded it in extensions.conf? so that every time i receive the call, i can start capturing new raw sip messages?

That would be too late, as there are important parts of SIP (possibly the most
important) which cause the dialplan to be executed, and if you start capturing
after the diaplan executes, you miss those.


If you want SIP captured whenever a call happens, Homer would be the way to go.

With a homer setup, you configure Asterisk to forward all signalling to the homer server. This solution also works for encrypted traffic (Eg. sips and WebRTC that runs over HTTPS), while everything that just captures packets on the network level, will NEVER be able to save the encrypted signalling.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.