Introduction
This software was born as a proof-of-concept to capture SIP traffic from a
remote host (SIP Proxy, Gateway, etc.) and show live SIP messages for
a specific dialog (filtered by the From SIP user), to help our tech support team
debug SIP transactions in a friendly way.
There are 3 pieces of software in this process; 2 of them were created by us:
- ngrep: Created by Jordan Ritter - http://ngrep.sourceforge.net
ngrep strives to provide most of GNU grep's common features,
applying them to the network layer. ngrep is a pcap-aware tool
that will allow you to specify extended regular or hexadecimal
expressions to match against data payloads of packets. It
currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP,
FDDI, Token Ring and null interfaces, and understands bpf filter
logic in the same fashion as more common packet sniffing tools,
such as tcpdump and snoop.
- siptraced: Created by Devel-IT - http://www.devel-it.com.br
siptraced is a Perl daemon that reads an ngrep log file and pushes each line to
a TCP port, so every client connected to that port receives all traffic
captured by ngrep (dangerous, and perhaps a waste of bandwidth).
There is no user/IP authentication yet.
- WIST: Created by Devel-IT - http://www.devel-it.com.br
WIST is a PHP web interface that lets you connect to a remote host/port
and follow a SIP dialog filtered by a specific SIP From number, instead of
viewing all the captured traffic pushed by siptraced. The capture is stopped with
the browser's stop button. The output is colorized and the "Call-ID" tag is
highlighted so that it is easy to locate.
You can run WIST on any host that runs a web server with PHP >= 4.0.x and is
authorized to connect to the remote siptraced TCP port.
There is no guarantee for our software; use it at your own risk.
Read the source code first; if you didn't understand it then don't use it!
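
The From filtering described above for WIST, sketched as an added Python example (not WIST's PHP code or siptraced's Perl code). The ngrep line layout, the sample packets and all function names are assumptions constructed for illustration; the sketch also accepts the compact SIP header names (f:, i:) and compares the From user exactly, so "100" does not match "1000".

```python
import re

# Constructed sample in the layout assumed for `ngrep -W byline` output:
# "#" marker, "U src -> dst" header, then payload lines (CR shown as ".").
SAMPLE = """\
#
U 10.0.0.5:5060 -> 10.0.0.1:5060
INVITE sip:2000@example.test SIP/2.0.
From: "Alice" <sip:1000@example.test>;tag=a1.
Call-ID: abc123@10.0.0.5.
#
U 10.0.0.9:5060 -> 10.0.0.1:5060
REGISTER sip:example.test SIP/2.0.
From: <sip:3000@example.test>;tag=c3.
Call-ID: zzz999@10.0.0.9.
#
U 10.0.0.1:5060 -> 10.0.0.5:5060
SIP/2.0 180 Ringing.
f: "Alice" <sip:1000@example.test>;tag=a1.
i: abc123@10.0.0.5.
"""

HEADER = re.compile(r"^[UT] \S+ -> \S+")  # start of a captured packet
# Long and compact (f:, i:) header names, matched case-insensitively.
FROM = re.compile(r"^(?:From|f)\s*:.*?sips?:([^@;>\s]+)@", re.I)
CALL_ID = re.compile(r"^(?:Call-ID|i)\s*:\s*(\S+)", re.I)

def split_packets(lines):
    """Group feed lines into packets: a header line plus its payload."""
    packet = []
    for line in lines:
        if HEADER.match(line):
            if packet:
                yield packet
            packet = [line]
        elif packet and line.strip() not in ("", "#"):
            packet.append(line)
    if packet:
        yield packet

def field(packet, pattern):
    """First match of pattern in the payload, minus ngrep's trailing '.'."""
    hits = (pattern.match(line) for line in packet[1:])
    return next((m.group(1).rstrip(".") for m in hits if m), None)

def filter_dialog(lines, from_user):
    """(call_id, packet) for packets whose From user equals from_user."""
    return [(field(p, CALL_ID), p) for p in split_packets(lines)
            if field(p, FROM) == from_user]
```

Calling `filter_dialog(SAMPLE.splitlines(), "1000")` keeps the INVITE and its 180 Ringing and drops the unrelated REGISTER; the returned Call-ID is the value a viewer would highlight.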