Troubleshooting HOWTO Using SNGREP

From Bicom Systems Wiki

SNGREP is a tool for displaying SIP messages flows. It supports live capture to display realtime SIP packets and can also be used as a PCAP viewer.

After users ssh into their system, they need to execute this command to enter SNGREP: /opt/pbxware/sh/sngrep

PBXwareMT_support ~ # /opt/pbxware/sh/sngrep -r


  • ESC Quit: Escape and quit SNGREP.
  • Enter: Show more information about the highlighted line item.
  • Space: After pressing the spacebar, the line is selected. With this, a user can select multiple lines and can be used with the F2 Save option.
  • F1 Help: Gives the help menu.
  • F2 Save: Option to save the current capture session dialogs to a .pcap or .txt to a specific path and file name.
  • F3 Search: Gives the option to search in a more specific and granular way.
  • F4 Extended: Gives the extended view.
  • F5 Clear: Clear the screen.
  • F7 Filter: Like Search but with more options to filter the end result.
  • F8 Settings: Adjust the SNGREP settings interface, capture options, call flow options, and EEP/HEP Homer options.
  • F10: Adjust what columns are displayed on the open SNGREP window.

When a user presses F7, the 'Filter options window' will open as shown in the picture below.

Filter Options

In the example below, we will select only INVITE for the easiest finding of relevant entries.



Press Enter to check the entry.


If a user wants to check 'RTP' on a live call, s(he) needs to open INVITE with Enter and then press F3.

F2 is for 'SDP' and F3 for 'RTP'.

SNGREP can save selected call legs to a PCAP file for further analysis using Wireshark.

To do this, select the required call legs by hitting the space bar.
SNGREP spacebar.png

Once a user selects the required call legs, s(he) needs to press F2 and after that the 'Save capture' window will open like in the picture below.

Save CaptureSNGREP.png

PCAP will be saved under /opt/pbxware/pw.

If we navigate to the /opt/pbxware/pw folder, we will see that the pcap file is saved.

PBXwareMT_support /opt/pbxware/pw # ls -lah | grep test.pcap
-rw-r--r-- 1 root root 9.4K Apr 6 18:21 test.pcap