Message-ID: <4D3EB50A.5030803@qeng-ho.org>
Date: Tue, 25 Jan 2011 11:33:30 +0000
From: Arthur Chance
To: Da Rock
Cc: freebsd-questions@freebsd.org
In-Reply-To: <4D3EA8C4.2030204@herveybayaustralia.com.au>
Subject: Re: Tracing packets - asterisk issues

On 01/25/11 10:41, Da Rock wrote:
> On 01/25/11 18:46, Bruce Ferrell wrote:
>> On 01/24/2011 11:13 PM, Da Rock wrote:
>>> I have been trying to get some pointers on my asterisk issues and I've
>>> only been hearing crickets chirping (Asterisk list and here). I need a
>>> pointer or two so I can fix this issue, so I'll try another angle.
>>>
>>> How do I trace IP packets across the network (pf firewall included)?
>>> And would it be possible to read it visually (human readable)?
>>>
>>> Cheers
>> Use tcpdump to do a capture file. Something like this:
>>
>> tcpdump -i eth0 -n -s 1500 -w sip.cap
>>
>> then feed sip.cap to wireshark
>>
>> filter for SIP and observe the SIP conversation
>>
>> It's also possible to decode the RTP stream
> I've been using tcpdump on the asterisk server and both interfaces of
> the firewall as well as the log interface. Unfortunately, it's not giving
> me the answers I want so far. Follow a stream from beginning to end, so
> to speak, but I've been having trouble matching it up; especially with
> the log.
>
> Is it possible with wireshark to do this kind of matching if I capture
> on all these interfaces?

From the wireshark manual page:

INTERFACE MENU ITEMS
    File:Open
    File:Open Recent
    File:Merge
        Merge another capture file to the currently loaded one. The
        File:Merge dialog box allows the merge "Prepended",
        "Chronologically" or "Appended", relative to the already
        loaded one.

Looks like doing a chronological merge is what you need. Your machines
had better have the same idea of what the time is though.
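
The chronological merge and the clock caveat from the message above, as an added example that is not part of the original thread: it reads classic pcap files, applies a per-capture clock offset, and interleaves the packets by timestamp. The function names, the 2-second skew and the sample captures (text labels standing in for real frames) are constructed assumptions.

```python
import heapq
import struct

def read_pcap(data, offset_us=0):
    """Yield (ts_us, packet) from classic pcap bytes, shifting each timestamp by offset_us."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic microsecond-resolution pcap file")
    pos = 24  # skip the 24-byte global header
    while pos + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, pos)
        pos += 16
        if pos + incl_len > len(data):
            break  # truncated final record, e.g. the capture was interrupted
        yield sec * 1_000_000 + usec + offset_us, data[pos:pos + incl_len]
        pos += incl_len

def _tagged(label, data, offset_us):
    for ts, pkt in read_pcap(data, offset_us):
        yield ts, label, pkt

def merge_chronologically(captures):
    """captures: (label, pcap_bytes, clock_offset_us) tuples -> list of (ts_us, label, packet)."""
    streams = [_tagged(*c) for c in captures]
    # heapq.merge assumes each capture is already in time order, as a live capture is.
    return list(heapq.merge(*streams, key=lambda rec: rec[0]))

def build_pcap(records):
    """Constructed sample input: pack (ts_us, payload) pairs as a little-endian pcap."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, payload in records:
        out += struct.pack("<IIII", ts // 1_000_000, ts % 1_000_000, len(payload), len(payload))
        out += payload
    return out

def demo():
    base = 1_295_955_000_000_000  # constructed timestamps (microseconds since epoch)
    pbx = build_pcap([(base, b"INVITE sent"), (base + 300_000, b"200 OK received")])
    # Constructed firewall capture whose clock runs 2 s ahead of the PBX.
    fw = build_pcap([(base + 2_100_000, b"INVITE forwarded"), (base + 2_200_000, b"200 OK forwarded")])
    naive = merge_chronologically([("pbx", pbx, 0), ("fw", fw, 0)])
    fixed = merge_chronologically([("pbx", pbx, 0), ("fw", fw, -2_000_000)])
    return [label for _, label, _ in naive], [label for _, label, _ in fixed]

if __name__ == "__main__":
    print(demo())
```

With the skew left uncorrected, every firewall packet sorts after the PBX packets it actually sits between, which is the mismatch the time-sync warning is about.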