# Traffic Analysis Using Sngrep **Sngrep** is a command-line tool for capturing and analyzing SIP traffic. It allows you to visualize SIP sessions, filter them, and track issues in voice connections. {% hint style="info" %} Use this application to analyze logs and send them to technical support. {% endhint %} To start working with the application, follow the SSH connection to the PBX [guide](/mikopbx/english/faq/troubleshooting/connecting-to-a-pbx-using-ssh/putty.md). To **start** the application, use the command: ```bash sngrep -r ``` {% hint style="success" %} If multiple network interfaces are used, specify the interface ID when launching the application: ```bash bashCopy codesngrep -d eth1 -r ``` The **-r** key allows capturing audio traffic. {% endhint %} You can view the list of interfaces using the following command:

# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:08:EF:FD  
          inet addr:172.16.156.223  Bcast:172.16.156.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:81838 errors:0 dropped:0 overruns:0 frame:0
          TX packets:38019 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:66203565 (63.1 Mb)  TX bytes:7603334 (7.2 Mb)

eth1      Link encap:Ethernet  HWaddr 00:0C:29:08:EF:07  
          inet addr:172.16.32.162  Bcast:172.16.32.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:48506 errors:0 dropped:4432 overruns:0 frame:0
          TX packets:5386 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:3698996 (3.5 Mb)  TX bytes:1886690 (1.7 Mb)

Example of Sngrep Interface:

The application window displays a list of all SIP dialogues: * Use the **⇑** and **⇓** arrows to navigate between dialogues. * Press **Enter** to view detailed information about a dialogue.

* In the detailed view, you can examine specific SIP packets by selecting them with **⇑** and **⇓**. * Press **Enter** to view the contents of a SIP packet.

* Press **ESC** to return to the previous window. * Use the **Space** key to select multiple SIP dialogues and press **Enter** to view them in one window. * In the detailed view, use the **Space** key to select two **SIP** packets for comparison.

## Saving a Dump 1. Use the **Space** key to select the SIP dialogue "Call" of interest.

2. Press **F2** to open the save dump dialogue: * Use the **⇑** and **⇓** arrows to navigate between form fields. * Enter the path and file name. * Select the save action and press **ENTER**. * Download the file using [SSH connection to the PBX with WinSCP](/mikopbx/english/faq/troubleshooting/connecting-to-a-pbx-using-winscp.md). #### Filtering 1. Press **F7** to open the filter dialogue:

2. Use the **⇑** and **⇓** arrows to navigate between form fields. 3. Use the **Space** key to select SIP methods for analysis. 4. Select the **Filter** action and press **ENTER**. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.mikopbx.com/mikopbx/english/faq/troubleshooting/traffic-analysis-using-sngrep.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.