-
Notifications
You must be signed in to change notification settings - Fork 187
Configuration
sngrep configuration is done using sngreprc file. This file contains one line directives that can change default sngrep behaviour. Configuration files are readed in this order
- System-wide configuration: Usually
/etc/sngreprcor/usr/local/etc/sngreprc - User configuration:
$HOME/.sngreprc
For any of this configuration files, empty lines or lines starting with # will be totally ignored. Inline comments (at the end of a configuration setting) are not supported.
Options are configured using set directive to modify its default value. This are the available options configurable via set directive:
Format: set <option> <value>
| option | format | default | description |
|---|---|---|---|
| background | black | transparent | black | Changes background printing. |
| syntax | on | off | on | Enable/Disable SIP Payload syntax highlighting. |
| syntax.tag | on | off | off | Enable/Disable tag syntax highlighting. |
| syntax.branch | on | off | off | Enable/Disable branch syntax highlighting. |
| hintkeyalt | on | off | off | Display alternative keybinding hint in bottom bar. |
| capture.limit | int > 0 | 20000 | Set max number of captured dialogs (-l argument). |
| capture.lookup | on | off | off | Enable/Disable DNS resolution of captured packets IP addresses. |
| capture.device | any | <interface> | any | Set default capture interface (-d argument). |
| capture.outfile | <filename> | Set default capture dump file (-O argument). | |
| capture.keyfile | <filename> | Default capture keyfile for TLS transport (-k argument). | |
| capture.rtp | on| off | off | Store captured RTP packets allowing to save them later. (-r argument). |
| capture.eep | on| off | off | Enable/Disable capture of HEP/EEP traffic. |
| sip.ignoreicomplete | on | off | on | Ingore dialogs not starting with some Request Methods. |
| sip.calls | on | off | off | Ingore dialogs not starting with INVITE Method. |
| sngrep.savepath | <path> | $HOME | Default path in save dialog. |
| sngrep.displayhost | on | off | off | Show resolved hostnames instead of IPs (requires capture.lookup). |
| cl.noexitprompt | on | off | off | Disable exit confirmation prompt. |
| cl.scrollstep | int | 10 | Change default scrolling steps in Call List. |
| cl.colorattr | on | off | on | Display color in attributes in Call List. |
| cl.autoscroll | on | off | on | Scroll Call List automatically when new rows appear. |
| cl.sortfield | fieldname | index | Call List sort field (see below a list of field names). |
| cl.sortorder | asc | desc | asc | Call List sort order. |
| cf.forceraw | on | off | on | Display Payload preview in Call Flow. |
| cf.rawminwidth | int | 40 | Minimun number of columns Payload preview will use. |
| cf.splitcallid | on | off | off | One Column = One address in Call Flow. |
| cf.highlight | bold | reverse | bold | Change current message arrow highlight mode. |
| cf.scrollstep | int | 4 | Change default scrolling steps in Call List. |
| cr.scrollstep | int | 10 | Change default scrolling steps in Call Raw. |
| cr.nonascii | string | . | Character to print non-ascii characters in SIP payload. |
| cl.autoscroll | on | off | off | Enable/disable autoscroll. |
| filter.methods | all methods | method(s) | Default value for checkboxs in filter screen. |
| filter.payload | string | Default value for payload display filter. | |
| aliasport | on | off | off | Take port into account when using aliases. |
| displayalias | on | off | off | Enable/Disable use of aliases. |
Alias can be handy to replace addresses with a label in flow columns. This was designed to improve the understanding of the message source and destination in flows. You can toggle between addresses and alias with togglealias (defaults to a, see keybindings below)
Format: alias <address> <text>
Also, addresses with the same alias will be displayed in one column in Call flow compress mode (default s, see keybindings below)
If aliasport setting set to on then format may be the following:
alias <address>:<port> <text>
Column configuration is also done using set directive. You can easily configure your columns during runtime and save displayed layout or configure them manually.
set cl.column<index> <attribute> (For example: set cl.column7 time)
You can also change default display width using:
set cl.column<index>.width <value> (For example: set cl.column3.width 100)
Here's a list of Call attributes:
| name | width | description |
|---|---|---|
| index | 4 | Dialog capture index for unique identification of dialog. |
| sipfrom | 30 | From header sip uri. |
| sipfromuser | 20 | Username in From header. |
| sipto | 30 | To header sip uri. |
| siptouser | 20 | Username in To header. |
| src | 22 | Source IP:Port of packet. |
| srchost | 16 | Source IP of packet. |
| dst | 22 | Destination IP:Port of packet. |
| dsthost | 16 | Destination IP of packet. |
| callid | 50 | Call-id SIP header value. |
| xcallid | 50 | X-Call-id SIP header value. |
| date | 10 | Date in YYYY/MM/DD format. |
| time | 8 | Time in HH:MM:SS format. |
| method | 15 | Request Method or Response code of SIP message. |
| transport | 3 | SIP transport (UDP|TCP|TLS|..) |
| msgcnt | 5 | Number of messages in the dialog. |
| state | 19 | Call State (if dialog is a call) |
| convdur | 7 | Conversation duration (since first 200 OK to BYE) |
| totaldur | 8 | Total call duration (since INVITE to last message) |
| reason | 25 | SIP Reason header text |
| warning | 4 | SIP Warning header code |
All sngrep keybindings can be configured using bind and unbind directives. Each screens handles a couple of actions, which can have multiple key binded. You can remove default keybindings and remap the same key to other actions.
bind <action> <keycode>
unbind <action> <keycode>
Keycode can be:
- A lowercase letter
- An Uppercase letter
- A letter with
^orCtrl-preffix - One special keycode:
Space,Esc,Enter
Action can be one of the following:
| action | default bindings | description |
|---|---|---|
| up | Up,j | Move up |
| down | Down,k | Move down |
| left | Left | Move left |
| right | Right | Move right |
| delete | Delete | Remove one character |
| backspace | BackSpace | Remove one character |
| npage | NextPage,Ctrl-F | Next page |
| ppage | PrevPage,Ctrl-B | Previous page |
| hnpage | Ctrl-D | Half next page |
| hppage | Ctrl-U | Half previous page |
| begin | Home,Ctrl-A | Move to the begining of field |
| end | End,Ctrl-E | Move to the end of field |
| pfield | Tab | Move to previous field |
| nfield | Tab | Move to next field |
| clear | Ctrl-U | Clear current field |
| clearcalls | F5 | Clear call list |
| togglesyntax | F8,C | Toggle Payload syntax |
| colormode | F7,c | Change arrows color mode |
| togglehostname | F9 | Toggle displaying hostnames |
| togglealias | a | Toggle displaying addresses alias (see address directive) |
| pause | p | Pause online capture |
| prevscreen | Esc,q,Q | Go to previous screen |
| help | F1,h,H,? | Show help popup for current screen |
| raw | F6,r,R | Show call raw screen |
| flow | Enter | Show call flow screen |
| flowex | F4,x,X | Show call flow extended screen |
| filters | F7,f,F | Show filters popup |
| columns | F10,t,T | Show columns popup |
| columnup | - | Move column up in the column list |
| columndown | + | Move column down in the column list |
| search | F3,/,Tab | Focus Display filter box |
| save | F2,s,S | Show save dialog |
| select | Space | Select current dialog/message |
| rtp | f | Show current rtp packet flow |
| rawpreview | F3,t | Toggle payload preview in call flow |
| morerawpreview | 9 | Increase payload preview size |
| lessrawpreview | 0 | Decrease payload preview size |
| resetrawpreview | T | Reset payload preview size |
| onlysdp | D | Only show messages with sdp content |
| sdpinfo | F2,d | Show First SDP address in message arrows |
| compress | F5,s | Compress view to only display one column per IP address |
| hintalt | K | Show alternative keybind in bottom bar |