sipnab v0.4.1
The SIP & RTP analysis tool for people who ship voice infrastructure.
One binary. One dependency (libpcap). Interactive TUI + CLI + REST API.
Built in Rust for speed, safety, and correctness.
See It In Action
Browse SIP dialogs, select one, and drill into the call flow ladder diagram with parsed message detail.
Press m to mark any message, then navigate — the Δ badge shows the exact millisecond delta.
Press / to search dialogs by Call-ID, From, or To header in real time.
Switch to a different pcap file from within the TUI — no need to restart. Data is reloaded instantly.
Press Tab to switch to RTP Streams — see SSRC, codec, jitter, packet loss, and duration for every media stream. Call flow shows RTP quality bars inline.
See Everything
Interactive TUI with multi-participant ladder diagrams, auth collapse, retransmit folding, mark+delta timing. Four timestamp modes, message diff, split view with resizable panels.
Analyze Everything
First-class RTP: jitter, loss, MOS per stream. RTCP XR. Comfort noise detection. One-way audio diagnosis. NAT mismatch detection. SDP offer/answer timeline. Post-dial delay and setup time measurement.
Export Everything
PCAP, PCAP-NG, TXT, Mermaid sequence diagrams, JSON, NDJSON, Markdown call reports, fail2ban format, Wireshark filters, tshark display filters. Pipe NDJSON to jq for custom pipelines.
Quick Start
```bash
# Build from source
git clone https://github.com/NormB/sipnab.git
cd sipnab && cargo build --release

# Capture live SIP traffic
sudo sipnab -d eth0

# Analyze a pcap file
sipnab -I capture.pcap

# CLI mode with JSON output
sipnab -N --json -I capture.pcap

# Show only problematic calls
sudo sipnab -N -d eth0 --problems

# Filter specific calls
sipnab --filter "from.user == '1001' AND rtp.mos < 3.0"

# Detailed call report
sipnab -I capture.pcap --call-report "abc123@host" --markdown
```
What sipnab Does
| Capability | Details |
|---|---|
| Interactive TUI + CLI | Both modes in one binary. TUI for interactive analysis, CLI for batch/scripting. |
| RTP quality analysis | Jitter, packet loss, MOS (ITU-T G.107 E-model) per stream. RTCP XR parsing. |
| VoIP diagnosis | One-way audio detection, NAT mismatch, SDP timeline, PDD measurement. |
| Filter DSL | 30 fields, 7 operators, boolean combinators. Named aliases for common queries. |
| Security | Scanner detection, toll fraud, digest leak, registration flood. Fail2ban output. |
| TLS/SRTP decryption | TLS 1.2 + 1.3 via SSLKEYLOGFILE. SRTP auth verification (SDES key extraction). |
| Export formats | PCAP, PCAP-NG, TXT, JSON, NDJSON, CSV, HTML, Markdown, WAV audio, SIPp XML, RTP JSON. |
| HEP v2/v3 | Send and receive HEP for Homer/SIPCAPTURE integration. |
| REST API + Prometheus | Query dialogs, streams, stats via HTTP. Prometheus metrics endpoint. |
| MCP server | Drive sipnab from an AI agent (Claude Code, Claude Desktop, …) over stdio or HTTP. Eleven read-only tools cover dialogs, RTP, diagnostics, and security findings. |
| Browser analysis | Analyze pcap files in the browser via WASM. Zero upload, zero install. |
| Built in Rust | Memory-safe by construction. 1,340 automated tests. 5 MB static binary. |