On Wed, May 02, 2007 at 08:52:42PM +1200, CSB wrote:
> >
> >Well, the first thing I notice is that your first tcpdump example is
> >listening on eth0, and the second is listening on eth1.
> >
> >What happens when you do
> >
> >tcpdump -i eth1 -s 0 -w /tmp/tcpdump.1
> >
> >Do you see the RTP traffic then?
> >
> Thanks
> 
> That was a typo. Should have read:
> The following works:
> tcpdump -i eth1 -s 0 -w /tmp/tcpdump.1
> 
> But I want to be a bit more selective:
> tcpdump -C 100 -W 10 -w /tmp/tcpdump -i eth1 -s 0 udp and dst port >= 5060
> 
> This doesn't capture the RTP traffic. Could anyone advise what I'm doing 
> wrong or suggest a better way?

This is probably too big a cannon, but just in case it is useful:

Anybody tried marking the SIP and related RTP packets in kernel iptables 
rules and then sniffing just marked packets?

-- 
               Tzafrir Cohen       
icq#16849755                    jabber:[EMAIL PROTECTED]
+972-50-7952406           mailto:[EMAIL PROTECTED]       
http://www.xorcom.com  iax:[EMAIL PROTECTED]/tzafrir
_______________________________________________

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users
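
An added example, not part of the original thread: a POSIX shell sketch of what argument list a command receives when the capture filter quoted above is typed unquoted versus quoted. The function `show_filter` is a hypothetical stand-in for tcpdump, and the scratch directory is there because the unquoted form creates a file named `=`.

```shell
#!/bin/sh
# Added illustration (not from the thread). show_filter is a hypothetical
# stand-in for tcpdump: it emits the filter words it was actually given.
show_filter() {
    printf '%s' "$*"
}

# Scratch directory, removed on exit; the unquoted form writes a stray file.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Unquoted: the shell reads ">=" as the redirection "> =", so stdout goes
# to a file named "=" and ">=" never reaches the program as filter text.
unquoted_filter() {
    ( cd "$demo_dir" && show_filter udp and dst port >= 5060 && cat ./= )
}

# Quoted: the whole expression is passed through as one filter argument.
quoted_filter() {
    ( cd "$demo_dir" && show_filter 'udp and dst port >= 5060' )
}

# True if the unquoted form left a file called "=" behind.
stray_file_created() {
    [ -e "$demo_dir/=" ]
}

echo "unquoted -> $(unquoted_filter)"
echo "quoted   -> $(quoted_filter)"
stray_file_created && echo "stray file '=' created by the unquoted form"
```

With the filter unquoted, the program sees a match on destination port 5060 only; single-quoting the expression keeps the comparison operator in the filter.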
