Packet analysis
SIP trace analyzer online
Paste raw SIP output from sngrep, tcpdump, or Asterisk CLI. The parser formats headers, flags security issues, and highlights known scanner User-Agents like friendly-scanner and sipvicious.
Security warnings
- User-Agent: Known SIP scanner detected: "friendly-scanner". Block this source immediately.
Parsed message
INVITE sip:1001@10.0.0.1
Headers
| Header | Value |
|---|---|
| Via | SIP/2.0/UDP 185.243.115.84:5060;branch=z9hG4bK-12345 |
| From | <sip:scanner@185.243.115.84>;tag=abc123 |
| To | <sip:1001@10.0.0.1> |
| Call-ID | scan-001@185.243.115.84 |
| CSeq | 1 INVITE |
| Contact | <sip:scanner@185.243.115.84:5060> |
| Max-Forwards | 70 |
| User-Agent | friendly-scanner |
| Content-Type | application/sdp |
| Content-Length | 0 |
Formatted output
INVITE sip:1001@10.0.0.1 SIP/2.0 Via: SIP/2.0/UDP 185.243.115.84:5060;branch=z9hG4bK-12345 From: <sip:scanner@185.243.115.84>;tag=abc123 To: <sip:1001@10.0.0.1> Call-ID: scan-001@185.243.115.84 CSeq: 1 INVITE Contact: <sip:scanner@185.243.115.84:5060> Max-Forwards: 70 User-Agent: friendly-scanner Content-Type: application/sdp Content-Length: 0
How it works
Three steps to results
- 01
Paste raw SIP text
Copy a SIP message from sngrep, Wireshark 'Follow TCP Stream', or Asterisk verbose output. The parser handles INVITE, REGISTER, OPTIONS, BYE, and responses.
- 02
Review parsed headers
Each header is extracted into a sortable table. Request-URI, Via, Contact, User-Agent, and Authorization fields are highlighted for quick triage.
- 03
Check security warnings
Known scanner User-Agents, missing authentication on OPTIONS probes, and suspicious Request-URI patterns are flagged in red with remediation guidance.
FAQ
Frequently asked questions
Common questions about this tool and how it fits into your VoIP security workflow.
Contact support →Yes. Paste the raw text of any SIP message — request line, headers, and body — into this tool. It parses and formats the message without installing desktop software.
Related tools
More free VoIP utilities
Suspicious packet?
Check the source IP in our global honeypot database.
Cross-reference the attacking IP against 214 active SIP honeypots. See threat score, attack patterns, and first/last seen timestamps.