SIP Trace Analyzer

AI-powered SIP trace and
PCAP analysis

Paste a SIP trace or upload a PCAP and get severity-ranked findings on signaling, media, NAT, encryption, and compliance — written the way a senior VoIP engineer would write them. In seconds.

Analyze a trace Create free account
Free tier · no credit card · 3 analyses per day
How it works

From raw trace to readable findings

Three steps. No tool installs. No SIP expertise required to read the output.

01
Paste or upload
Drop in a SIP trace from Asterisk, FreeSWITCH, Kamailio, OpenSIPS, or a vendor SBC. Or upload a PCAP up to 500 MB — we extract the SIP and RTP layers automatically.
02
AI analysis runs
Signaling, SDP, RTP, NAT topology, encryption, and compliance get checked in parallel. Multi-endpoint correlation finds issues that single-trace views miss.
03
Read the report
Severity-ranked findings with evidence and recommendations. Ask follow-up questions in plain English. Export to PDF for tickets and post-mortems.
What it analyzes

Every layer engineers actually debug

Not just SIP response codes — the full stack from signaling to media to compliance, with context-aware diagnostics for each.

SIP signaling
Response codes, dialog state, timers, auth flows, registration anomalies, retransmissions
SDP and media negotiation
Codec offer/answer, ptime mismatch, ICE candidates, DTLS-SRTP, fmtp parameters, payload type drift
RTP and call quality
Packet loss from RTCP, jitter measurement, MOS estimation, one-way audio detection, DTMF mode
NAT and topology
Private IP detection, symmetric RTP latching, SBC rewriting, Contact vs Via mismatches, hop visibility
Encryption and identity
TLS signaling, SRTP profile detection, STIR/SHAKEN attestation, verstat header, certificate chain hints
Compliance evidence
HIPAA, PCI-DSS, SOC 2, STIR/SHAKEN, E911 — structured evidence from the trace, not generic checklists
Follow-up questions
Continue the analysis in plain English. Ask why something failed, request deeper investigation on any finding
Multi-endpoint correlation
Compare what each endpoint actually saw — catches issues that any single trace would hide
Sample analysis

What the output looks like

Below: a synthetic example using documentation-range IPs (RFC 5737). Real analyses produce the same structure: detected context, severity-ranked findings, evidence, recommendations, and a continued conversation.

4 context items detected from your data
Platform: Cisco BroadWorks× Topology: Private IPs detected — NAT likely× Feature: DTMF (RFC 2833) in use× 192.0.2.10 — Originating UA× 198.51.100.20 — Carrier SBC× 203.0.113.10 — External provider×
Add endpoint Run analysis
Diagnostic report
1 endpoint · 5 findings · analyzed in 8.2s
Save PDF Copy as text Compliance
1Critical 2Warning 2Info
Executive summary
Outbound INVITE rejected with 488 Not Acceptable Here after codec negotiation failure. Originating side offered G.722/PCMU/G.729; carrier SBC at 198.51.100.20 answered with PCMU only; final destination at 203.0.113.10 declined PCMU due to ptime mismatch. NAT traversal succeeded but DTMF range advertised exceeds RFC 2833 standard payload set.
Critical Codec
Endpoint A
Call failed: 488 after codec narrowing
INVITE offered G722/PCMU/G729; carrier SBC stripped G.722 and forwarded PCMU only; far end at 203.0.113.10 responded 488 citing ptime=30 mismatch (offered 20ms). The codec narrowing at the SBC is removing the only codec both endpoints supported at the advertised ptime.
Recommendation: Either configure the SBC to preserve G.722 in offer-forward, or align ptime to 20ms across all SDP lines. Confirm with carrier whether their ptime=30 is enforced or negotiable.
Warning Signaling
Endpoint A
DTMF telephone-event range outside RFC 2833
Originating side advertised telephone-event/8000 with events 0-16; only 0-15 are standard per RFC 4733. Event 16 (flash) is non-standard and may be silently dropped by 198.51.100.20.
Recommendation: Align telephone-event range to 0-15 across all endpoints unless flash signaling is intentionally required and confirmed supported downstream.
Warning NAT
Endpoint A
SDP private IP not rewritten
Initial INVITE contains private IP 192.0.2.10 in SDP c= line. The SBC at 198.51.100.20 rewrites the Via header but leaves the SDP connection address unrewritten. Far-end RTP would be sent to an unroutable address if this INVITE were not intercepted.
Recommendation: Enable SDP rewriting (often labelled "media address rewrite" or "NAT helper") on the SBC for this trunk profile.
Info Routing
Endpoint A
Multi-hop path detected
Call traverses: 192.0.2.10 → 198.51.100.20 → 203.0.113.10. Three-hop path increases failure surface area and complicates diagnostic capture — consider mirror ports at the SBC for future captures.
Info Timing
Endpoint A
Call setup duration 1.4 seconds
From initial INVITE to 488 response: 1.4s. Within normal range for cross-carrier transit. No retransmissions observed before the final response.
Built for

Engineers shipping voice infrastructure

Different teams use the analyzer differently — same product, three common patterns.

VoIP and SIP engineers
You capture traces with sngrep, Wireshark, or Homer and need to interpret them quickly. The analyzer reads the trace the way a senior engineer would — surfacing what matters, ignoring what does not.
MSPs and ITSPs
Customers send you traces from incidents. You need to triage fast and respond with confidence. Multi-endpoint correlation makes finger-pointing replaceable with actual diagnosis.
AI voice agent teams
Vapi, Bland, Retell, and similar platforms hit SIP issues that look like model quality problems. The analyzer separates SIP causes (codec, NAT, jitter) from actual model behaviour.
How it compares

Built to interpret, not to capture

SIPSymposium is the analysis layer for traces you have already captured. It does not replace capture tools — most teams use both.

Tool Primary job Output SIP expertise required
sngrep Live SIP terminal monitor Raw SIP dialogs, colour-coded High
Wireshark Offline PCAP inspector Packets, filters, call flow diagram High
Homer / sipcapture SIP archive and storage Searchable historic SIP data High
VoIPmonitor Continuous quality monitoring MOS, jitter, packet loss dashboards Medium
SIPSymposium AI analysis of existing traces Severity-ranked findings with fixes Low
Pricing

Try it free. Upgrade when it earns it.

Free tier includes 3 analyses per day with no credit card required — enough to confirm the analyzer reads your traces the way you want. Paid tiers raise the daily limit and add PCAP support, team workspaces, and API access.

Start analyzing See pricing

Have a trace to analyze?

Paste it in. Get findings, evidence, and recommendations in seconds — the way a senior engineer would write them.

Open the analyzer