On Wed, 2 May 2007, CSB wrote:


Well, the first thing I notice is that your first tcpdump example is
listening on eth0, and the second is listening on eth1.

What happens when you do

tcpdump -i eth1 -s 0 -w /tmp/tcpdump.1

Do you see the RTP traffic then?

Thanks

That was a typo. Should have read:
The following works:
tcpdump -i eth1 -s 0 -w /tmp/tcpdump.1

But I want to be a bit more selective:
tcpdump -C 100 -W 10 -w /tmp/tcpdump -i eth1 -s 0 udp and dst port >= 5060

This doesn't capture the RTP traffic. Could anyone advise what I'm doing wrong or suggest a better way?

It would seem that there are various versions of tcpdump/pcap... My system would seem to want to use something like:

  tcpdump ... udp portrange 5060-65535

according to the manual, but it doesn't work.

If the port ranging really isn't working for you, then what I'd probably be inclined to do is actually do it the other way round and reject ports you aren't interested in, so:

  tcpdump ... udp and not port 53 and not port 123

53 is DNS and 123 is NTP. There aren't usually any other UDP services running on your typical Linux box, but if there are, you can quickly filter them out. (e.g. add in a reject of 4569 for IAX2)

Gordon
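
Added example, not part of the original thread or written by its participants: a Python sketch that evaluates the two filter intents discussed above (destination port at or above 5060, versus excluding ports 53, 123 and 4569) against constructed, unfragmented IPv4/UDP packets. The port pairs, addresses and function names are assumptions chosen for illustration.

```python
import struct

def udp_packet(src_port, dst_port, payload=b"\x00" * 12):
    """Constructed, unfragmented IPv4/UDP packet (checksums left at zero)."""
    udp = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + udp

def udp_ports(pkt):
    """Return (src, dst) UDP ports, or None if the packet is not IPv4/UDP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 17:
        return None
    ihl = (pkt[0] & 0x0F) * 4          # IP header length in bytes
    if len(pkt) < ihl + 4:
        return None
    return struct.unpack("!HH", pkt[ihl:ihl + 4])

def match_dst_range(pkt, low=5060):
    """Intent of 'udp and dst port >= 5060': only the destination port is tested."""
    ports = udp_ports(pkt)
    return ports is not None and ports[1] >= low

def match_exclude(pkt, excluded=(53, 123, 4569)):
    """Intent of 'udp and not port 53 and not port 123' plus 4569 for IAX2:
    a packet is dropped if either its source or destination port is excluded."""
    ports = udp_ports(pkt)
    return ports is not None and not (set(ports) & set(excluded))

# Constructed sample traffic: name -> (source port, destination port)
SAMPLES = {
    "sip":         (5060, 5060),
    "rtp_high":    (16384, 16390),
    "rtp_low_dst": (16384, 4000),    # RTP towards a port below 5060
    "dns_reply":   (53, 40000),      # reply to an ephemeral client port
    "ntp":         (123, 123),
    "iax2":        (4569, 4569),
}

def compare(samples=SAMPLES):
    """Return name -> (kept by dst-range filter, kept by exclusion filter)."""
    return {name: (match_dst_range(udp_packet(s, d)), match_exclude(udp_packet(s, d)))
            for name, (s, d) in samples.items()}

if __name__ == "__main__":
    for name, (by_range, by_exclude) in compare().items():
        print(f"{name:12} dst>=5060: {by_range!s:5}  exclude 53/123/4569: {by_exclude}")
```

The destination-range test keeps DNS replies sent to ephemeral ports and misses RTP sent to a port below 5060, while the exclusion test keeps all RTP and drops the named services in both directions.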