[OpenSIPS-Users] Using sngrep for visualising encrypted SIP traffic

Ovidiu Sas osas at voipembedded.com
Wed Mar 24 15:05:38 EST 2021


Ciao Giovanni,

Those are great additions! I will integrate them into the blog, to be
more comprehensive.

Thanks,
Ovidiu

On Wed, Mar 24, 2021 at 10:31 AM Giovanni Maruzzelli <gmaruzz at gmail.com> wrote:
>
> Ciao Ovidiu!
>
> We're often in parallel :)
>
> I found that if you create the transaction before creating (if any) the dialog, then the ACK is traced even from HEP.
>
> What I would add to the super nice recipe is:
>
> - let's give a portrange to sngrep, so it will not analyze all traffic on all ports, and will not trace the RTP packets too
> - let's give a limit on how many dialogs will keep in memory, default is 2000
> - let's do a rotation of dialogs, FIFO, so will keep the latest and discard the older
> - let's try to understand fragmented udp too
> - let's use aliases for having names for our servers
> - let's not listen for HEP trace when we want (without duplicate display)
>
> - let's send both to a local sngrep and a remote homer
> - let's trace the 100 reply to INVITE too
>
> =========
>
> let's put in .bashrc:
>
> alias sngrepa='sngrep -l 5000 -R -Ludp:127.0.0.1:9080 -v "OPTIONS\ sip" "portrange 5050-5090 or (ip[6:2] & 0x1fff) != 0"'
> alias sngrepw='sngrep -l 5000 -R -v "OPTIONS\ sip" "portrange 9069-9071 or (ip[6:2] & 0x1fff) != 0"'
>
> sngrepa will be used for "normal traffic", "sngrepw" for HEP trace
> the negation of OPTIONS would not be useful in sngrepw, but is there so the command line understands when the BPF filter begins
>
> =========
>
> opensips.cfg:
>
> modparam("tm", "auto_100trying", 0)
>
> modparam("proto_hep", "hep_id", "[hep_dst] 127.0.0.1:9070; transport=udp; version=3")
> modparam("proto_hep", "hep_id", "[hep_dst2] 168.77.20.250:9060; transport=udp; version=3")
> modparam("proto_hep", "homer5_on", 1)
> modparam("proto_hep", "homer5_delim", "#")
> modparam("proto_hep", "hep_capture_id", 100)
>
> modparam("tracer", "trace_on", 1)
> modparam("tracer", "trace_id", "[sngrep]uri=hep:hep_dst")
> modparam("tracer", "trace_id", "[homer]uri=hep:hep_dst2")
>
> route {
>         t_newtran();
>
>         if (!has_totag()) {
>                 if(is_method("INVITE") ) {
>                         trace("sngrep", "D");
>                         trace("homer", "D");
>                         send_reply(100, "Trying Hard");
>                 }
>         } else {
>                 match_dialog();
>         }
>
>         if(is_method("MESSAGE|REGISTER|SUBSCRIBE|NOTIFY|PUBLISH") ) {
>                 trace("sngrep", "T");
>                 trace("homer", "T");
>         }
> }
>
> local_route {
>         if(is_method("NOTIFY") ) {
>                 trace("sngrep", "M");
>                 trace("homer", "M");
>         }
> }
>
> onreply_route[local] {
>         if(is_method("NOTIFY") ) {
>                 trace("sngrep", "M");
>                 trace("homer", "M");
>         }
> }
>
> =========
>
> beginning of the commonc .sngreprc:
>
> alias 168.77.20.201 FS1
> alias 168.77.20.202 FS2
> alias 168.77.20.203 FS3
> alias 67.153.242.46 LB
> alias 168.77.20.200 LB
> alias 194.143.78.61 GW1
> alias 94.43.18.61 GW2
> ...
> set background default
> ...
> set eep.listen on
> set eep.listen.version 3
> set eep.listen.address 127.0.0.1
> set eep.listen.port 9070
> set eep.listen.pass
> set eep.listen.uuid off
>
>
> -giovanni
>
>
> On Wed, Mar 24, 2021 at 2:43 AM Ovidiu Sas <osas at voipembedded.com> wrote:
>>
>> Hello all,
>>
>> Here's a quick recipe to ease the troubleshooting of encrypted SIP traffic:
>> https://voipembedded.wordpress.com/2021/03/23/troubleshooting-opensips-encrypted-sip-traffic/
>>
>> Regards,
>> Ovidiu Sas
>>
>> --
>> VoIP Embedded, Inc.
>> http://www.voipembedded.com
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
> --
> Sincerely,
>
> Giovanni Maruzzelli
> OpenTelecom.IT
> cell: +39 347 266 56 18
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users



-- 
VoIP Embedded, Inc.
http://www.voipembedded.com



More information about the Users mailing list