2016-11-22 76 views
0

I have been playing with some tcpdump and egrep commands to show SIP user agents and IPs with just tcpdump.

tcpdump -i eth1 port sip -l -A | egrep -i 'User-Agent' 

I leave this running on the Asterisk PBX server and I can see all the user agents stream down the screen.

What I would like to see is the user agent and the IP of the SIP client, and then ignore several different types of user agents, so that when I am done I only see the IP address and user agent of the unknown traffic scroll down the screen. Here is an example of a full SIP packet without the egrep command. I don't have an example where the user agent is sipcli/v1.8; maybe I can get one later.

07:54:24.358716 IP xxx.xx.xx.xxx.5060 > 10.1.44.10.5060: SIP, length: 543 
EH.;.5..8.y..UF.&.. 
.....'!SSIP/2.0 401 Unauthorized 
Via: SIP/2.0/UDP 10.1.44.10:5060;branch=z9hG4bK49b7b7d0;received=10.1.44.10;rport=5060 
From: <sip:[email protected]>;tag=as5afba40a 
To: <sip:[email protected]>;tag=as14777e11 
Call-ID: [email protected] 
CSeq: 604 REGISTER 
Server: voip.ms 
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE 
Supported: replaces, timer 
WWW-Authenticate: Digest algorithm=MD5, realm="voipprovider3.domain.com", nonce="7810c539" 
Content-Length: 0 


07:54:24.384512 IP 10.1.44.10.5060 > xxx.xx.xx.xxx.5060: SIP, length: 558 
E`[email protected]&.. 
.UF......6..REGISTER sip:voipprovider3.domain.com SIP/2.0 
Via: SIP/2.0/UDP 10.1.44.10:5060;branch=z9hG4bK6ef2d7d2;rport 
Max-Forwards: 70 
From: <sip:[email protected]>;tag=as5afba40a 
To: <sip:[email protected]> 
Call-ID: [email protected] 
CSeq: 605 REGISTER 
User-Agent: unknown 
Authorization: Digest username="12345_3", realm="voipprovider3.domain.com", algorithm=MD5, uri="sip:voipprovider3.domain.com", nonce="7810c539", response="5d6ac715deff942d1a3b22b39f83c0b1" 
Expires: 120 
Contact: <sip:[email protected]:5060> 
Content-Length: 0 


07:54:24.387070 IP xxx.xx.xx.xxx.5060 > 10.1.44.10.5060: SIP, length: 549 
EH.A.6..8.y..UF.&.. 
.....-.GSIP/2.0 200 OK 
Via: SIP/2.0/UDP 10.1.44.10:5060;branch=z9hG4bK6ef2d7d2;received=10.1.44.10;rport=5060 
From: <sip:[email protected]>;tag=as5afba40a 
To: <sip:[email protected]>;tag=as14777e11 
Call-ID: [email protected] 
CSeq: 605 REGISTER 
Server: voip.ms 
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE 
Supported: replaces, timer 
Expires: 120 
Contact: <sip:[email protected]:5060>;expires=120 
Date: Tue, 22 Nov 2016 12:54:24 GMT 
Content-Length: 0 


07:54:24.813579 IP 10.1.44.10.5060 > xxx.xx.xx.xxx.5060: SIP, length: 551 
E`[email protected]&.. 
.UF....../..REGISTER sip:voipprovider.domain.com SIP/2.0 
Via: SIP/2.0/UDP 10.1.44.10:5060;branch=z9hG4bK3b0c2176;rport 
Max-Forwards: 70 
From: <sip:[email protected]>;tag=as5b82aabf 
To: <sip:[email protected]> 
Call-ID: [email protected] 
CSeq: 604 REGISTER 
User-Agent: unknown 
Authorization: Digest username="12345", realm="voipprovider1.domain.com", algorithm=MD5, uri="sip:voipprovider.domain.com", nonce="236a06e2", response="13d3528c45792fb242a47f1c18b43879" 
Expires: 120 
Contact: <sip:[email protected]:5060> 
Content-Length: 0 


07:54:24.816319 IP xxx.xx.xx.xxx.5060 > 10.1.44.10.5060: SIP, length: 539 
EH.7Jy..7.Ou.UF.&.. 
.....# .SIP/2.0 401 Unauthorized 
Via: SIP/2.0/UDP 10.1.44.10:5060;branch=z9hG4bK3b0c2176;received=10.1.44.10;rport=5060 
From: <sip:[email protected]>;tag=as5b82aabf 
To: <sip:[email protected]>;tag=as15b40d21 
Call-ID: [email protected] 
CSeq: 604 REGISTER 
Server: voip.ms 
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE 
Supported: replaces, timer 
WWW-Authenticate: Digest algorithm=MD5, realm="voipprovider1.domain.com", nonce="168d0f22" 
Content-Length: 0 


07:54:24.842388 IP 10.1.44.10.5060 > xxx.xx.xx.xxx.5060: SIP, length: 551 
E`[email protected]&.. 
.UF....../..REGISTER sip:voipprovider.domain.com SIP/2.0 
Via: SIP/2.0/UDP 10.1.44.10:5060;branch=z9hG4bK69d58133;rport 
Max-Forwards: 70 
From: <sip:[email protected]>;tag=as5b82aabf 
To: <sip:[email protected]> 
Call-ID: [email protected] 
CSeq: 605 REGISTER 
User-Agent: unknown 
Authorization: Digest username="12345", realm="voipprovider1.domain.com", algorithm=MD5, uri="sip:voipprovider.domain.com", nonce="168d0f22", response="724e79293e8d587a2b8106df991486d7" 
Expires: 120 
Contact: <sip:[email protected]:5060> 
Content-Length: 0 


07:54:24.899968 IP xxx.xx.xx.xxx.5060 > 10.1.44.10.5060: SIP, length: 545 
EH.=Jz..7.On.UF.&.. 
.....)..SIP/2.0 200 OK 
Via: SIP/2.0/UDP 10.1.44.10:5060;branch=z9hG4bK69d58133;received=10.1.44.10;rport=5060 
From: <sip:[email protected]>;tag=as5b82aabf 
To: <sip:[email protected]>;tag=as15b40d21 
Call-ID: [email protected] 
CSeq: 605 REGISTER 
Server: voip.ms 
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE 
Supported: replaces, timer 
Expires: 120 
Contact: <sip:[email protected]:5060>;expires=120 
Date: Tue, 22 Nov 2016 12:54:24 GMT 
Content-Length: 0 

Here it is with the egrep and with the IP address on the line. I really only want to show the lines with a user agent. This also shows ones with no user agent.

tcpdump -i eth1 port sip -l -A | egrep -i 'User-Agent|SIP/2.0/UDP' 

Via: SIP/2.0/UDP 10.1.44.10:5060;branch=z9hG4bK6fd0af5a;received=10.1.44.10;rport=5060 
Via: SIP/2.0/UDP 158.85.70.151:5060;branch=z9hG4bK64939182;rport 
User-Agent: VoipProvider 
Via: SIP/2.0/UDP 158.85.70.151:5060;branch=z9hG4bK64939182;received=158.85.70.151;rport=42872 
Via: SIP/2.0/UDP 10.1.44.10:5060;branch=z9hG4bK600d27fe;rport 
User-Agent: Asterisk PBX 
Via: SIP/2.0/UDP 10.1.44.10:5060;branch=z9hG4bK600d27fe;received=10.1.44.10;rport=5060 
Via: SIP/2.0/UDP 10.1.44.10:5060;branch=z9hG4bK374f1905;rport 
User-Agent: Asterisk PBX 
Via: SIP/2.0/UDP 10.1.44.10:5060;branch=z9hG4bK374f1905;received=10.1.44.10;rport=5060 
Via: SIP/2.0/UDP 10.1.44.10:5060;branch=z9hG4bK4ac13138;rport 
User-Agent: Asterisk PBX 
Via: SIP/2.0/UDP 10.1.44.10:5060;branch=z9hG4bK4ac13138;received=10.1.44.10;rport=5060 
Via: SIP/2.0/UDP 10.1.44.10:5060;branch=z9hG4bK370927b1;rport 
User-Agent: Asterisk PBX 
Via: SIP/2.0/UDP 10.1.44.10:5060;branch=z9hG4bK370927b1;received=10.1.44.10;rport=5060 
Via: SIP/2.0/UDP 185.40.4.96:5070;branch=z9hG4bK-ac834e0a1d92fc96bb7b4da395a5ead5;rport 
User-Agent: sipcli/v1.8 
Via: SIP/2.0/UDP 185.40.4.96:5070;branch=z9hG4bK-ac834e0a1d92fc96bb7b4da395a5ead5;received=185.40.4.96;rport=5070 
Via: SIP/2.0/UDP 185.40.4.96:5070;branch=z9hG4bK-ac834e0a1d92fc96bb7b4da395a5ead5;received=185.40.4.96;rport=5070 
Via: SIP/2.0/UDP 10.1.44.10:5060;branch=z9hG4bK7a1517ef 
User-Agent: Asterisk PBX 
Via: SIP/2.0/UDP 10.1.44.10:5060;branch=z9hG4bK7a1517ef;received=10.1.44.10;rport=5060 
Via: SIP/2.0/UDP 185.40.4.96:5070;branch=z9hG4bK-ac834e0a1d92fc96bb7b4da395a5ead5;received=185.40.4.96;rport=5070 
Via: SIP/2.0/UDP 10.1.44.10:5060;branch=z9hG4bK425ae339 
User-Agent: Asterisk PBX 
Via: SIP/2.0/UDP 10.1.44.10:5060;branch=z9hG4bK425ae339;received=10.1.44.10;rport=5060 
Via: SIP/2.0/UDP 185.40.4.96:5070;branch=z9hG4bK-ac834e0a1d92fc96bb7b4da395a5ead5;received=185.40.4.96;rport=5070 
Via: SIP/2.0/UDP 185.40.4.96:5070;branch=z9hG4bK-ac834e0a1d92fc96bb7b4da395a5ead5;received=185.40.4.96;rport=5070 
Via: SIP/2.0/UDP 185.40.4.96:5070;branch=z9hG4bK-ac834e0a1d92fc96bb7b4da395a5ead5;received=185.40.4.96;rport=5070 
Via: SIP/2.0/UDP 10.1.44.10:5060;branch=z9hG4bK7ac74b27 
User-Agent: Asterisk PBX 
Via: SIP/2.0/UDP 10.1.44.10:5060;branch=z9hG4bK7ac74b27;received=10.1.44.10;rport=5060 
Via: SIP/2.0/UDP 185.40.4.96:5070;branch=z9hG4bK-ac834e0a1d92fc96bb7b4da395a5ead5;received=185.40.4.96;rport=5070 
Via: SIP/2.0/UDP 185.40.4.96:5070;branch=z9hG4bK-ac834e0a1d92fc96bb7b4da395a5ead5;received=185.40.4.96;rport=5070 
Via: SIP/2.0/UDP 185.40.4.96:5070;branch=z9hG4bK-ac834e0a1d92fc96bb7b4da395a5ead5;received=185.40.4.96;rport=5070 
Via: SIP/2.0/UDP 185.40.4.96:5070;branch=z9hG4bK-ac834e0a1d92fc96bb7b4da395a5ead5;received=185.40.4.96;rport=5070 
Via: SIP/2.0/UDP 185.40.4.96:5070;branch=z9hG4bK-ac834e0a1d92fc96bb7b4da395a5ead5;received=185.40.4.96;rport=5070 
Via: SIP/2.0/UDP 10.1.44.10:5060;branch=z9hG4bK7723c051 
User-Agent: Asterisk PBX 

I would like to see something like this:

sipcli/v1.8 185.40.4.96 
+2

Please add a sample input text from the tcpdump command and show us the expected output text... – Sundeep

+0

I got my egrep command down, but it still shows a lot of extra stuff. I only want to see the IPs that are not my phones, my provider, or my Asterisk phone system. That's all. – user2630659

+0

Have you considered using tshark and display filters? –

Answer

1

You could try something like this:

tshark -Y 'sip.User-Agent == "foo bar"' -T fields -e sip.User-Agent -e sip.Contact 

Remember that the User-Agent header is optional in SIP packets.
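As an added example (not from the question or the answer), here is a small awk filter that does what the asker describes without egrep: it takes the source address from tcpdump's own packet header line, pairs it with that packet's User-Agent, drops the user agents you name on the command line, and, as the answer warns, still reports packets that carry no User-Agent at all instead of silently losing them. The interface eth1 and the excluded agent names come from the question; the sample capture is constructed (TEST-NET address 203.0.113.5 stands in for the masked provider).

```shell
# sip_ua_report: read "tcpdump -l -A" output on stdin and print "<user-agent> <source-ip>"
# once per SIP packet, skipping any user agent named in $1 (comma-separated list).
# On the PBX:  tcpdump -i eth1 port sip -l -A | sip_ua_report "Asterisk PBX,VoipProvider"
sip_ua_report() {
  awk -v skip="${1:-}" '
    BEGIN { n = split(skip, s, ","); for (i = 1; i <= n; i++) skipua[s[i]] = 1 }
    # report the packet we just finished; a packet with no User-Agent header
    # is shown as "(none)" rather than dropped, since the header is optional
    function emit() {
      if (src != "" && !(ua in skipua)) print ua, src
      src = ""; ua = "(none)"
    }
    # tcpdump packet header: "HH:MM:SS.usec IP a.b.c.d.sport > e.f.g.h.dport: SIP, length: N"
    /^[0-9:.]+ IP [0-9.]+ > [0-9.]+: SIP/ {
      emit()
      src = $3; sub(/\.[0-9]+$/, "", src)   # drop the trailing .port
      next
    }
    tolower($0) ~ /^user-agent:/ {
      ua = substr($0, 12); gsub(/^[ \t]+|[ \t\r]+$/, "", ua)
    }
    END { emit() }'
}

# Constructed sample of tcpdump -A output (four packets): two known agents,
# the sipcli/v1.8 scanner from the question, and a reply with no User-Agent.
sample_capture() {
  cat <<'EOF'
07:54:24.813579 IP 10.1.44.10.5060 > 203.0.113.5.5060: SIP, length: 551
REGISTER sip:voipprovider.domain.com SIP/2.0
User-Agent: Asterisk PBX
07:54:24.816319 IP 203.0.113.5.5060 > 10.1.44.10.5060: SIP, length: 539
SIP/2.0 401 Unauthorized
User-Agent: VoipProvider
07:54:25.100000 IP 185.40.4.96.5070 > 10.1.44.10.5060: SIP, length: 400
REGISTER sip:10.1.44.10 SIP/2.0
Via: SIP/2.0/UDP 185.40.4.96:5070;branch=z9hG4bK-ac834e0a1d92fc96bb7b4da395a5ead5;rport
User-Agent: sipcli/v1.8
07:54:25.200000 IP 10.1.44.10.5060 > 185.40.4.96.5070: SIP, length: 300
SIP/2.0 401 Unauthorized
Server: Asterisk PBX
EOF
}
```

Running `sample_capture | sip_ua_report "Asterisk PBX,VoipProvider"` prints `sipcli/v1.8 185.40.4.96` followed by `(none) 10.1.44.10`; with an empty skip list all four packets are listed.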