[OpenSIPS-Users] TLS SIP packet tracing and visualization

Bogdan-Andrei Iancu bogdan at opensips.org
Tue May 9 09:18:43 EDT 2017


Thank you Giovanni, that is a useful tool - we will document it in the 
OpenSIPS TLS tutorial, so others can benefit ;)

Many thanks,

Bogdan-Andrei Iancu
   OpenSIPS Founder and Developer
   http://www.opensips-solutions.com

OpenSIPS Summit May 2017 Amsterdam
   http://www.opensips.org/events/Summit-2017Amsterdam.html

On 05/02/2017 05:52 PM, Giovanni Maruzzelli wrote:
> For a cut-and-paste-ready version with the correct carriage 
> returns (they get mangled by mail), check it in the FreeSWITCH documentation:
>
> https://freeswitch.org/confluence/display/FREESWITCH/Packet+Capture#PacketCapture-TLSwithsharka
>
> -giovanni
>
> On 2 May 2017 at 16:26, Giovanni Maruzzelli <gmaruzz at gmail.com> wrote:
>
>     Hello fellows,
>
>     after some experimentation with various tools, I came up with a
>     little shell tool that may be useful to you too.
>
>     It can only work with non-forward-secrecy ciphers, obviously, and
>     only if it is started before the client does the initial TLS handshake
>     (e.g., just restart the client). Forward secrecy cannot be decrypted
>     after the fact, so don't waste the effort.
>
>     An example of ciphers that can be decrypted is the "AES256-SHA"
>     OpenSSL cipher group. You can use ssldump to check which cipher is
>     used by the ServerHello.
>
>     Enjoy, make it better, and share it :)
>
>
>     #!/bin/bash
>     # brought to you by Giovanni Maruzzelli
>     #
>     # Decrypt SIP over TLS live with tshark, using the server's RSA private key.
>     # Works only for RSA key-exchange suites (e.g. AES256-SHA) and only if tshark
>     # sees the TLS handshake; (EC)DHE / forward-secrecy suites cannot be decrypted.
>     # Note: Wireshark 3.x renamed the "ssl." prefix to "tls." (ssl.keys_list ->
>     # tls.keys_list, ssl.app_data -> tls.app_data); adjust on newer versions.
>     SERVERIP="192.168.1.150"
>     SERVERPORT="5061"
>     PRIVKEY="/etc/certs/privkey.pem"
>     STDERR2DEVNULL=" 2>/dev/null "
>     REGEX="notyet"
>
>     if [ -z "$1" ]; then
>             REGEX="\\\.*"      # no pattern given: match anything
>     else
>             REGEX="$1"
>     fi
>     FILTER="ssl.app_data and sip matches"
>     FILTER2="$FILTER \"$REGEX\""
>     FILTER3="'$FILTER2'"
>     # One long argument string. The backslash-newlines are line continuations
>     # inside the double quotes; the inner \" and \= survive for the second
>     # parsing pass done by "bash -c" below.
>     ARGUMENT="-i 1 -Y $FILTER3 -E header=y -T fields -e frame.number \
>     -e frame.time -e frame.time_delta_displayed -e ip.src -e ip.dst \
>     -e sip.Status-Line -e sip.Request-Line -e sip.msg_hdr -l \
>     -d tcp.port\=\=5061,sip -o \"ssl.keys_list: $SERVERIP,$SERVERPORT,sip,$PRIVKEY\" \
>     $STDERR2DEVNULL | sed -u 's/\t/\n/g' | sed -u '/^$/d' | sed -u \
>     's/^[0-9]*$/\n==&==============================/g'"
>
>     echo ""
>     echo "NB: if it does not work, edit the script so that STDERR2DEVNULL=\" \" and try again"
>     echo ""
>     echo "NB: remember to quote and escape match patterns, using triple slash"
>     echo "    eg, for matching 1010@pbx.example.com, use \"1010@pbx.example.com\""
>     echo "    eg, for matching anything, use \"\\\\\\.*\""
>     echo "    eg, for matching *98, use \"\\\\\\*98\""
>     echo "USAGE: $0 \"\\\\\\*98@pbx.example.com\""
>     echo ""
>
>
>     case "$1" in
>             -help|--help|"?")       # quoted "?" so it matches a literal ? only
>             exit 0
>             ;;
>     *)
>             echo "THIS TIME WE'RE DOING:"
>             echo "tshark $ARGUMENT"
>             echo ""
>             # second parsing pass: expands the quoting inside ARGUMENT and runs the pipeline
>             bash -c "tshark $ARGUMENT"
>             ;;
>     esac
>
>
>
>     -- 
>
>     Sincerely,
>
>     Giovanni Maruzzelli
>     OpenTelecom.IT
>     cell: +39 347 266 56 18
>
>
>
>
> -- 
>
> Sincerely,
>
> Giovanni Maruzzelli
> OpenTelecom.IT
> cell: +39 347 266 56 18
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
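The script above only helps when the negotiated suite uses plain RSA key exchange, and Giovanni suggests checking the ServerHello with ssldump. The following is an added example, not part of Giovanni's tool or of the OpenSIPS/FreeSWITCH documentation: a small Python parser that reads one TLS ServerHello record, extracts the negotiated version and cipher suite, and reports whether the server private key can decrypt that session. The cipher-suite table is a hand-picked subset of the IANA registry (an assumption of the example), and the ServerHello bytes it feeds itself are constructed inline rather than taken from a real capture.

```python
import struct

# Subset of the IANA cipher-suite registry: id -> (name, key-exchange family).
# Assumption: only suites listed here are recognised; anything else reports "unknown".
CIPHER_SUITES = {
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "RSA"),        # OpenSSL "AES128-SHA"
    0x0035: ("TLS_RSA_WITH_AES_256_CBC_SHA", "RSA"),        # OpenSSL "AES256-SHA"
    0x003D: ("TLS_RSA_WITH_AES_256_CBC_SHA256", "RSA"),
    0x009C: ("TLS_RSA_WITH_AES_128_GCM_SHA256", "RSA"),
    0x009D: ("TLS_RSA_WITH_AES_256_GCM_SHA384", "RSA"),
    0x0033: ("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "DHE"),
    0x0039: ("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "DHE"),
    0x009E: ("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "DHE"),
    0xC013: ("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "ECDHE"),
    0xC014: ("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "ECDHE"),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ECDHE"),
    0xC030: ("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "ECDHE"),
    0x1301: ("TLS_AES_128_GCM_SHA256", "TLS13"),
    0x1302: ("TLS_AES_256_GCM_SHA384", "TLS13"),
}

TLS13 = 0x0304
EXT_SUPPORTED_VERSIONS = 0x002B


def parse_server_hello(record: bytes) -> dict:
    """Parse a single TLS record carrying a ServerHello handshake message.

    Returns the negotiated version (honouring the TLS 1.3 supported_versions
    extension), the cipher suite and its key-exchange family.
    """
    if len(record) < 5 or record[0] != 0x16:          # 0x16 = handshake record
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x02:               # 0x02 = ServerHello
        raise ValueError("record does not start with a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hs = body[4:4 + hs_len]
    if len(hs) < 2 + 32 + 1:
        raise ValueError("truncated ServerHello")
    version = struct.unpack("!H", hs[0:2])[0]         # legacy_version field
    pos = 2 + 32                                       # skip the server random
    sid_len = hs[pos]
    pos += 1
    session_id = hs[pos:pos + sid_len]
    pos += sid_len
    if len(hs) < pos + 3:
        raise ValueError("truncated ServerHello")
    suite = struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 3                                           # cipher suite + compression method
    # Optional extensions: a TLS 1.3 server announces 0x0304 in supported_versions
    if pos + 2 <= len(hs):
        ext_len = struct.unpack("!H", hs[pos:pos + 2])[0]
        pos += 2
        end = min(pos + ext_len, len(hs))
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", hs[pos:pos + 4])
            pos += 4
            if etype == EXT_SUPPORTED_VERSIONS and elen == 2:
                version = struct.unpack("!H", hs[pos:pos + 2])[0]
            pos += elen
    name, kx = CIPHER_SUITES.get(suite, ("unknown_0x%04x" % suite, "unknown"))
    return {"version": version, "cipher_suite": suite, "name": name,
            "kx": kx, "session_id": session_id.hex()}


def decryptable_with_server_key(info: dict) -> bool:
    """True only when the pre-master secret was encrypted to the server's RSA key.

    That is the sole case the ssl.keys_list / tls.keys_list private-key mechanism
    can recover. (EC)DHE suites and every TLS 1.3 suite use ephemeral keys, so
    the server private key yields nothing, during or after the fact.
    """
    return info["kx"] == "RSA" and info["version"] < TLS13


def build_server_hello(suite: int, tls13: bool = False, session_id: bytes = b"") -> bytes:
    """Build a minimal ServerHello record (constructed test input, not a real capture)."""
    server_random = bytes(range(32))                   # constructed, deterministic
    hs = (struct.pack("!H", 0x0303) + server_random
          + bytes([len(session_id)]) + session_id
          + struct.pack("!H", suite) + b"\x00")        # compression method: null
    if tls13:
        ext = struct.pack("!HHH", EXT_SUPPORTED_VERSIONS, 2, TLS13)
        hs += struct.pack("!H", len(ext)) + ext
    body = b"\x02" + len(hs).to_bytes(3, "big") + hs
    return b"\x16" + struct.pack("!HH", 0x0303, len(body)) + body


if __name__ == "__main__":
    for suite, tls13 in ((0x0035, False), (0xC030, False), (0x1301, True)):
        info = parse_server_hello(build_server_hello(suite, tls13))
        verdict = ("decryptable with server key" if decryptable_with_server_key(info)
                   else "NOT decryptable (forward secrecy)")
        print("%-40s version 0x%04x  %s" % (info["name"], info["version"], verdict))
```

In practice you would feed `parse_server_hello` the first handshake record the server sends back (the bytes tshark or ssldump shows for the ServerHello) and only bother wiring up the private key when it returns the RSA family; an ECDHE or TLS 1.3 answer means the client or server configuration has to change before any of this can work.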
