VoIP Mailing List Archives
Mailing list archives for the VoIP community |
|
| View previous topic :: View next topic |
| Author |
Message |
freeswitch-users at li...
Guest
|
 Posted: Tue Nov 02, 2021 10:33 pm Post subject: [Freeswitch-users] Question regarding continuous SIP trace w |
 |
|
------ Start of attached email. Subject: Question regarding continuous SIP trace with Freeswitch ------
Hello!
I'm currently struggling how to continuously trace all SIP packages from and to Freeswitch. Tcpdump or sngrep solely or similar tools aren't a solution, because SIP is
encrypted (TLS). Asterisk provides an internal interface which logs all (or only restricted hosts e.g.) SIP packages to pcap (after decryption or before encryption of course).
I found https://freeswitch.org/confluence/display/FREESWITCH/Packet+Capture - but there is no solution which handles the case "registering as client to a providers SIP
server" (there is no local private key involved - the provider is the owner of the private key).
Voipmonitor is pretty oversized for the planned use case (home server running on an APU 4 device (https://pcengines.ch/apu4d4.htm) on a sd card).
Is there a similar and practical way how Freeswitch can log SIP packages to pcap?
Thanks
Gregor
------ End of attached email ------
_________________________________________________________________________
The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.
Join our online community to chat in real time https://signalwire.community
Professional FreeSWITCH Services
sales@freeswitch.com
https://freeswitch.com
Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com |
|
| Back to top |
|
 |
david.villasmil.work a...
Guest
|
|
| Back to top |
|
|
dgreenwald at gmail.com
Guest
|
| Posted: Fri Nov 05, 2021 2:54 pm Post subject: [Freeswitch-users] Question regarding continuous SIP trace w |
|
|
If homer is overkill. You could turn on sip trace which will log sip to fs log. Or configure sip capture to send HEP directly into sngrep.
On Wed, Nov 3, 2021 at 7:36 AM David Villasmil <david.villasmil.work@gmail.com (david.villasmil.work@gmail.com)> wrote:
|
|
| Back to top |
|
|
freeswitch-users at li...
Guest
|
|
| Back to top |
|
|
david.villasmil.work a...
Guest
|
|
| Back to top |
|
|
freeswitch-users at li...
Guest
|
| Posted: Mon Nov 08, 2021 1:39 pm Post subject: [Freeswitch-users] Question regarding continuous SIP trace w |
|
|
------ Start of attached email. Subject: Re: [Freeswitch-users] Question regarding continuous SIP trace with Freeswitch ------
On 06.11.21 at 03:03 David Villasmil wrote:
| Quote: | At the risk of repressing myself: Homer?
|
Ok, as there seems to be no other solution, I tried it. Thank Good, it isn't too
big. I feared it would be more.
I saw it's possible to export pcap traces on the UI for the selected calls.
Therefore it's anyway possible to use sngrep to better analyze calls.
Getting rtp quality info is a nice side effect.
Thanks for being persistent!
Gregor
------ End of attached email ------
_________________________________________________________________________
The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.
Join our online community to chat in real time https://signalwire.community
Professional FreeSWITCH Services
sales@freeswitch.com
https://freeswitch.com
Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com |
|
| Back to top |
|
|
freeswitch-users at li...
Guest
|
| Posted: Mon Nov 08, 2021 1:56 pm Post subject: [Freeswitch-users] Question regarding continuous SIP trace w |
|
|
------ Start of attached email. Subject: Re: [Freeswitch-users] Question regarding continuous SIP trace with Freeswitch ------
On 06.11.21 at 03:03 David Villasmil wrote:
| Quote: | At the risk of repressing myself: Homer?
|
Yes, David, I already heard it - but I don't know the way from Homer to pcap - I
want to analyze SIP packages with sngrep! Because it's extremely handy and
powerful! Especially if it comes to compare different messages and measure time
between arbitrary packages.
And Homer is bloatware *compared to my requirement*.
sngrep would be the desired and best solution *for me* if it would be able to
write correct pcap files while acting as HEP server.
Thanks
Gregor
------ End of attached email ------
_________________________________________________________________________
The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.
Join our online community to chat in real time https://signalwire.community
Professional FreeSWITCH Services
sales@freeswitch.com
https://freeswitch.com
Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com |
|
| Back to top |
|
|
david.villasmil.work a...
Guest
|
| Posted: Mon Nov 08, 2021 6:44 pm Post subject: [Freeswitch-users] Question regarding continuous SIP trace w |
|
|
Then why not just run tcpdump filtering for the signaling port and rotate every N bytes or Mb or whatever? And then simply pushing those files somewhere you can later use them?
Maybe I misunderstood something
If what you want is to go at some on-demand time to trace, then just do it like that.
On Mon, 8 Nov 2021 at 18:46, Gregor Maier via FreeSWITCH-users <freeswitch-users@lists.freeswitch.org (freeswitch-users@lists.freeswitch.org)> wrote:
--
Regards,
David Villasmilemail: david.villasmil.work@gmail.com (david.villasmil.work@gmail.com)
phone: +34669448337 |
|
| Back to top |
|
|
david.villasmil.work a...
Guest
|
| Posted: Tue Nov 09, 2021 5:21 am Post subject: [Freeswitch-users] Question regarding continuous SIP trace w |
|
|
Bye that “other side” can be the same box.
On Tue, 9 Nov 2021 at 09:41, David Villasmil <david.villasmil.work@gmail.com (david.villasmil.work@gmail.com)> wrote:
| Quote: | If you have the certs, sure you can decrypt it all. (And you must have, since FS can manage the traffic).
Otherwise, look at the profile’s
https://github.com/signalwire/freeswitch/blob/master/conf/vanilla/autoload_configs/sofia.conf.xml
Capture-server to some ip fs will
Simply send there a copy of all messages. You can then catch them on that side.
On Tue, 9 Nov 2021 at 05:49, Gregor Maier <freeswitch13@mailbox.org (freeswitch13@mailbox.org)> wrote:
| Quote: |
Hello David!
On 09.11.21 at 00:19 David Villasmil wrote:
| Quote: | Then why not just run tcpdump filtering for the signaling port and rotate
every N bytes or Mb or whatever? And then simply pushing those files
somewhere you can later use them?
Maybe I misunderstood something
|
Yes. See my initial post: SIP (and RTP) is TLS'd and I don't have any certificate
because the VoIP provider owns it.
| Quote: |
If what you want is to go at some on-demand time to trace, then just do it
like that.
|
That's exactly what I'm doing with Asterisk. Asterisk is able to write pcap files.
Therefore no problem.
Just out of curiosity, I tested the actual Homer version (with Asterisk). But I
gave up, because:
- correlation does work only partly (maybe an Asterisk problem)
- correlation of ongoing calls doesn't work (~5 minutes e.g. and much more)
- for me, the basic list of result is highly confusing (single call legs
aren't correlated. Even Invite and answer 401 isn't correlated)
- registers aren't correlated
- search for something like CID's doesn't work reliably (it's working 2 or 3 times
- afterwards no more - tested w/ FF and Chromium - I wasn't able to search for 2
CIDs at the same time)
- The GUI makes the browser going crazy (-> one CPU is used 100% after some time)
sngrep is able to correlate single call legs over hours *out of the box* - why
can't homer do the same? I don't think, a result list based on single methods is a
good solution - or did I miss something? This could be very possible, because I
wasn't able to find any reliable and complete and actual documentation.
If sngrep could safe regular pcap files based on HEP data, sngrep would be the way
to go - unfortunately, sngrep writes broken pcap files if the input data stream is
HEP. That's a known missing feature at this time. Even sngrep itself can't read
those pcap files any more.
Thanks
Gregor
|
--
Regards,
David Villasmilemail: david.villasmil.work@gmail.com (david.villasmil.work@gmail.com)
phone: +34669448337
|
--
Regards,
David Villasmilemail: david.villasmil.work@gmail.com (david.villasmil.work@gmail.com)
phone: +34669448337 |
|
| Back to top |
|
|
david.villasmil.work a...
Guest
|
| Posted: Tue Nov 09, 2021 5:28 am Post subject: [Freeswitch-users] Question regarding continuous SIP trace w |
|
|
If you have the certs, sure you can decrypt it all. (And you must have, since FS can manage the traffic).
Otherwise, look at the profile’s
https://github.com/signalwire/freeswitch/blob/master/conf/vanilla/autoload_configs/sofia.conf.xml
Capture-server to some ip fs will
Simply send there a copy of all messages. You can then catch them on that side.
On Tue, 9 Nov 2021 at 05:49, Gregor Maier <freeswitch13@mailbox.org (freeswitch13@mailbox.org)> wrote:
| Quote: |
Hello David!
On 09.11.21 at 00:19 David Villasmil wrote:
| Quote: | Then why not just run tcpdump filtering for the signaling port and rotate
every N bytes or Mb or whatever? And then simply pushing those files
somewhere you can later use them?
Maybe I misunderstood something
|
Yes. See my initial post: SIP (and RTP) is TLS'd and I don't have any certificate
because the VoIP provider owns it.
| Quote: |
If what you want is to go at some on-demand time to trace, then just do it
like that.
|
That's exactly what I'm doing with Asterisk. Asterisk is able to write pcap files.
Therefore no problem.
Just out of curiosity, I tested the actual Homer version (with Asterisk). But I
gave up, because:
- correlation does work only partly (maybe an Asterisk problem)
- correlation of ongoing calls doesn't work (~5 minutes e.g. and much more)
- for me, the basic list of result is highly confusing (single call legs
aren't correlated. Even Invite and answer 401 isn't correlated)
- registers aren't correlated
- search for something like CID's doesn't work reliably (it's working 2 or 3 times
- afterwards no more - tested w/ FF and Chromium - I wasn't able to search for 2
CIDs at the same time)
- The GUI makes the browser going crazy (-> one CPU is used 100% after some time)
sngrep is able to correlate single call legs over hours *out of the box* - why
can't homer do the same? I don't think, a result list based on single methods is a
good solution - or did I miss something? This could be very possible, because I
wasn't able to find any reliable and complete and actual documentation.
If sngrep could safe regular pcap files based on HEP data, sngrep would be the way
to go - unfortunately, sngrep writes broken pcap files if the input data stream is
HEP. That's a known missing feature at this time. Even sngrep itself can't read
those pcap files any more.
Thanks
Gregor
|
--
Regards,
David Villasmilemail: david.villasmil.work@gmail.com (david.villasmil.work@gmail.com)
phone: +34669448337 |
|
| Back to top |
|
|
freeswitch-users at li...
Guest
|
| Posted: Tue Nov 09, 2021 9:39 am Post subject: [Freeswitch-users] Question regarding continuous SIP trace w |
|
|
------ Start of attached email. Subject: Re: [Freeswitch-users] Question regarding continuous SIP trace with Freeswitch ------
Hello David!
On 09.11.21 at 00:19 David Villasmil wrote:
| Quote: | Then why not just run tcpdump filtering for the signaling port and rotate
every N bytes or Mb or whatever? And then simply pushing those files
somewhere you can later use them?
Maybe I misunderstood something
|
Yes. See my initial post: SIP (and RTP) is TLS'd and I don't have any certificate
because the VoIP provider owns it.
| Quote: |
If what you want is to go at some on-demand time to trace, then just do it
like that.
|
That's exactly what I'm doing with Asterisk. Asterisk is able to write pcap files.
Therefore no problem.
Just out of curiosity, I tested the actual Homer version (with Asterisk). But I
gave up, because:
- correlation does work only partly (maybe an Asterisk problem)
- correlation of ongoing calls doesn't work (~5 minutes e.g. and much more)
- for me, the basic list of result is highly confusing (single call legs
aren't correlated. Even Invite and answer 401 isn't correlated)
- registers aren't correlated
- search for something like CID's doesn't work reliably (it's working 2 or 3 times
- afterwards no more - tested w/ FF and Chromium - I wasn't able to search for 2
CIDs at the same time)
- The GUI makes the browser going crazy (-> one CPU is used 100% after some time)
sngrep is able to correlate single call legs over hours *out of the box* - why
can't homer do the same? I don't think, a result list based on single methods is a
good solution - or did I miss something? This could be very possible, because I
wasn't able to find any reliable and complete and actual documentation.
If sngrep could safe regular pcap files based on HEP data, sngrep would be the way
to go - unfortunately, sngrep writes broken pcap files if the input data stream is
HEP. That's a known missing feature at this time. Even sngrep itself can't read
those pcap files any more.
Thanks
Gregor
------ End of attached email ------
_________________________________________________________________________
The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.
Join our online community to chat in real time https://signalwire.community
Professional FreeSWITCH Services
sales@freeswitch.com
https://freeswitch.com
Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com |
|
| Back to top |
|
|
freeswitch-users at li...
Guest
|
| Posted: Wed Nov 10, 2021 10:40 pm Post subject: [Freeswitch-users] Question regarding continuous SIP trace w |
|
|
------ Start of attached email. Subject: Re: [Freeswitch-users] Question regarding continuous SIP trace with Freeswitch ------
Hello David,
On 09.11.21 at 10:41 David Villasmil wrote:
| Quote: | If you have the certs, sure you can decrypt it all. (And you must have,
since FS can manage the traffic).
|
=> No, if FS doesn't act as server (from a TCP perspective - not SIP), FS doesn't need and has no certificates at all. Connecting to a trunk via *flows* (this is standard
(here) for trunks for home / private or small business internet customers (usually behind NAT)) doesn't need any server part at all.
That's exactly what's used by homer (heplify-server). Or sngrep. See my other post regarding those tools.
Thanks
Gregor
------ End of attached email ------
_________________________________________________________________________
The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
Build your next product on our scalable cloud platform.
Join our online community to chat in real time https://signalwire.community
Professional FreeSWITCH Services
sales@freeswitch.com
https://freeswitch.com
Official FreeSWITCH Sites
https://freeswitch.com/oss
https://freeswitch.org/confluence
https://cluecon.com
FreeSWITCH-users mailing list
FreeSWITCH-users@lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
https://freeswitch.com |
|
| Back to top |
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|
Search
