Capture RTP and SIP Traffic using tcpdump

3

19

I need to capture SIP and RTP traffic to find a problem with something. I can capture SIP messages fine but am having a problem with capturing the RTP traffic.

I've tried the following, but this is only getting the SIP packets and no RTP.

tcpdump -T rtp -vvv src -s 1500 -i any -w /home/lantrace_test2.pcap port 5060

The other way I was thinking of doing it is, as RTP uses a range of UDP ports, capturing the range that we are using for the RTP traffic, but I can't find a way of capturing a range of ports, so I'm not sure if tcpdump supports port ranges for capture.

Thanks for any help you can provide.

Salivate answered 27/7, 2012 at 10:22 Comment(0)
16

Your SIP traffic runs over 5060, as you know, but the port on which to sniff RTP is described by the SDP bodies of the SIP messages. In other words, there's no way to know on which ports to sniff until the offer/answer exchange has completed.

If you know something about the user agents involved, then you could try tricks like capturing traffic on a range of ports. (Something like tcpdump -n dst portrange 10000-11000 for instance.)

Yvette answered 27/7, 2012 at 14:21 Comment(1)
Or log only to/from a specific host - Hanuman
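The point made in the answer above, that the RTP ports are only known from the SDP bodies, shown as an added example (not part of the original answer): Python code that reads the SDP from an already captured offer and answer and builds a tcpdump filter for signaling plus media. The two SIP messages are constructed samples, the function names are hypothetical, and RTCP is assumed to use the port directly above RTP.

```python
# Constructed sample messages: an INVITE (offer) and its 200 OK (answer).
INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "m=audio 10500 RTP/AVP 0 8\r\n"
)
OK_200 = (
    "SIP/2.0 200 OK\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "c=IN IP4 198.51.100.20\r\n"
    "m=audio 11652 RTP/AVP 0\r\n"
    "m=video 0 RTP/AVP 96\r\n"  # port 0 means the stream was rejected
)


def rtp_endpoints(sip_message):
    """Return [(ip, port)] for every accepted media stream in the SDP body."""
    _, _, sdp = sip_message.partition("\r\n\r\n")
    session_ip, media = None, []  # media holds [ip, port] per m= line
    for line in sdp.splitlines():
        if line.startswith("m="):
            # m=<media> <port>[/<count>] <proto> <fmt> ...
            port = int(line.split()[1].split("/")[0])
            media.append([session_ip, port])
        elif line.startswith("c="):
            # c=IN IP4 <addr>[/<ttl>]; a media-level c= overrides the session one
            ip = line.split()[2].split("/")[0]
            if media:
                media[-1][0] = ip
            else:
                session_ip = ip
    return [(ip, port) for ip, port in media if port != 0]


def capture_filter(messages, sip_port=5060):
    """Build a pcap filter covering SIP plus each negotiated RTP/RTCP port pair."""
    terms = [f"udp port {sip_port}"]
    for msg in messages:
        for ip, port in rtp_endpoints(msg):
            # Assumption: RTCP on port + 1 (no a=rtcp attribute in the SDP)
            terms.append(f"(host {ip} and udp portrange {port}-{port + 1})")
    return " or ".join(terms)


if __name__ == "__main__":
    print("tcpdump -n -i any -s 0 -w call.pcap '%s'" % capture_filter([INVITE, OK_200]))
```

Because the ports come from signaling that has already been seen, this narrows a follow-up capture or a read filter over an existing pcap; a first capture still needs the wider port range.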
7

You can try something like this:

tcpdump -i bond3 -s 0 -w filename.cap udp port 5060 or udp portrange 10500-11652

With this you will capture SIP and media.

Glory answered 27/5, 2014 at 22:4 Comment(0)
2

Take a look at pcapsipdump: it writes SIP/RTP sessions to disk in the same format as "tcpdump -w", but one file per SIP session. Or use tshark with filtering as described here.

Kingcup answered 23/10, 2015 at 15:34 Comment(0)
