Was the SIP message on a TCP port where another process was listening?

 

I think that a SIP message sent to any TCP port should show up in sngrep, so if you have a webserver, etc. listening then the full packet flow might look like this:

 

 

remote_host:12345                 web_server:80

              === TCP SYN         ===>              

             <=== TCP SYN/ACK     ===                

              === TCP ACK         ===> 

              === SIP INVITE      ===> **SHOWS in sngrep**

             <=== TCP ACK         ===

             <=== 400 Bad Request ===  **NOT in sngrep**

 

Regards,

Ben Kaufman