Sngrep ( is a handy tool that is very useful for anybody doing anything with SIP. It grew from Irontec’s ( Nikolay Shopik’s co-workers’ use of ngrep ( to find SIP traffic. Originally built on top of ngrep, it later shifted to utilizing libpcap ( instead.

Sngrep can capture SIP packets directly on a sipXcom server or read them from a PCAP file. It allows the user to view a SIP ladder diagram of the message flow and also save the conversation to a PCAP file.

To install, create a repo file in /etc/yum.repos.d for irontec

vi /etc/yum.repos.d/irontec.repo

Insert the following:

name=Irontec RPMs repository

Add irontec’s certificate:

rpm –import

And then yum install:

yum -y install sngrep

To use it, simply enter:


You’ll see all of your SIP traffic traversing the server. I’d encourage you to play with the filtering capabilities to look for interesting traffic. And since sipXcom utilizes SIP for communications between components this makes it very easy to follow the entire flow of the system.

If you have the Network Packet Capture service installed on your server, you can open those files directly on the server. The pcap files are in /var/log/sipxpbx/tcpdump. To load a file with Sngrep use the following command:

sngrep -i filename

Add sngrep to your toolbox today!


More About the sipXcom Project:

From 2010 to 2015, sipXecs primary development contributions were provided by the development team at eZuce, Inc. The sipXcom open source communications project was established in January of 2015 from a fork in the sipXecs project by the development team at eZuce, Inc. With the creation of sipXcom, this team shifted its focus to contributing to the new project and no longer maintains sipXecs code nor participates in the SIPfoundry forums.

The experts who have helped to build sipXecs into the incredible product that it is will be found in the Google Groups ( and (