[Freeswitch-users] [OpenSIPS-Users] TLS SIP packet tracing and visualization

Tamas Jalsovszky jalsot at gmail.com
Thu May 11 19:45:53 MSD 2017 

Does HEP send verto signaling info to Homer too?

On 10 May 2017 at 21:38, Daniel Greenwald <dig1234 at gmail.com> wrote:

> Thanks for this script!
> Theoretically it is possible to see TLS SIP traffic with freeswitch
> sending HEP to Homer. But there seems to be a bug in FS that only sends one
> side of SIP conversation (ie the FS side, not inbound messages)..
>
> On Tue, May 9, 2017 at 11:10 AM, Giovanni Maruzzelli <gmaruzz at gmail.com>
> wrote:
>
>> On 9 May 2017 at 15:18, Bogdan-Andrei Iancu <bogdan at opensips.org> wrote:
>>
>>> Thank you Giovanni, that is a useful tool - we will document it in the
>>> OpenSIPS TLS tutorial, so other can benefit ;)
>>>
>>>
>>
>> Glad about it!
>> Be sure to get it from https://freeswitch.org/conflue
>> nce/display/FREESWITCH/Packet+Capture#PacketCapture-TLSwithsharka , is
>> the latest version with a couple fixes.
>>
>> -giovanni
>>
>>
>>
>>
>>> Many thanks,
>>>
>>> Bogdan-Andrei Iancu
>>>   OpenSIPS Founder and Developer
>>>   http://www.opensips-solutions.com
>>>
>>> OpenSIPS Summit May 2017 Amsterdam
>>>   http://www.opensips.org/events/Summit-2017Amsterdam.html
>>>
>>> On 05/02/2017 05:52 PM, Giovanni Maruzzelli wrote:
>>>
>>> For a cut and paste ready version, that has the correct carriage returns
>>> (mangled by mail), check it in FreeSWITCH documentation:
>>>
>>> https://freeswitch.org/confluence/display/FREESWITCH/Packet+
>>> Capture#PacketCapture-TLSwithsharka
>>>
>>> -giovanni
>>>
>>> On 2 May 2017 at 16:26, Giovanni Maruzzelli <gmaruzz at gmail.com> wrote:
>>>
>>>> Hello fellows,
>>>>
>>>> after some experimentation with various tools, I come out with a little
>>>> shell tool that maybe can be useful to you too.
>>>>
>>>> It can only work with non-forward secrecy ciphers, obviously, and only
>>>> if is started before the client do the initial TLS handshake (eg, just
>>>> restart the client). Forward secrecy cannot be decrypted after fact, so
>>>> don't waste effort.
>>>>
>>>> An example of ciphers that can be decrypted are the "AES256-SHA"
>>>> openssl cipher group. You can use ssldump to check what cipher is used by
>>>> serverhello.
>>>>
>>>> Enjoy, make it better, and share it :)
>>>>
>>>>
>>>> #!/bin/bash
>>>> # brought to you by Giovanni Maruzzelli
>>>> #
>>>> SERVERIP="192.168.1.150"
>>>> SERVERPORT="5061"
>>>> PRIVKEY="/etc/certs/privkey.pem"
>>>> STDERR2DEVNULL=" 2>/dev/null "
>>>> REGEX="notyet"
>>>>
>>>> if [ -z "$1" ]; then
>>>>         REGEX="\\\.*"
>>>> else
>>>>         REGEX="$1"
>>>> fi
>>>> FILTER="ssl.app_data and sip matches"
>>>> FILTER2="$FILTER \"$REGEX\""
>>>> FILTER3="'$FILTER2'"
>>>> ARGUMENT="-i 1 -Y $FILTER3 -E header=y -T fields -e frame.number -e
>>>> frame.time -e frame.time_delta_displayed -e ip.src -e ip.dst -e
>>>> sip.Status-Line -e sip.Request-Line -e sip.msg_hdr -l -d
>>>> tcp.port\=\=5061,sip  -o \"ssl.keys_list: $SERVERIP,$SERVERPORT,sip,$PRIVKEY\"
>>>> $STDERR2DEVNULL | sed -u 's/\t/\n/g' | sed -u '/^$/d' | sed -u
>>>> 's/^[0-9]*$/\n==&==============================/g'"
>>>>
>>>> echo ""
>>>> echo "NB: if it do not works, edit script so that STDERR2DEVNULL=\" \"
>>>> and try again"
>>>> echo ""
>>>> echo "NB: remember to quote and escape match patterns, using triple
>>>> slash"
>>>> echo "    eg, for matching 1010 at pbx.example.com, use \"
>>>> 1010 at pbx.example.com\""
>>>> echo "    eg, for matching anything, use \"\\\\\\.*\""
>>>> echo "    eg, for matching *98, use \"\\\\\\*98\""
>>>> echo "USAGE: $0 \"\\\\\\*98 at pbx.example.com\""
>>>> echo ""
>>>>
>>>>
>>>> case "$1" in
>>>>         -help|--help|?)
>>>>         exit 0
>>>>         ;;
>>>> *)
>>>>         echo "THIS TIME WE'RE DOING:"
>>>>         echo "tshark $ARGUMENT"
>>>>         echo ""
>>>>         bash -c "tshark $ARGUMENT"
>>>>         ;;
>>>> esac
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> Sincerely,
>>>>
>>>> Giovanni Maruzzelli
>>>> OpenTelecom.IT
>>>> cell: +39 347 266 56 18
>>>>
>>>
>>>
>>>
>>> --
>>>
>>> Sincerely,
>>>
>>> Giovanni Maruzzelli
>>> OpenTelecom.IT
>>> cell: +39 347 266 56 18
>>>
>>>
>>> _______________________________________________
>>> Users mailing listUsers at lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>>
>>
>>
>> --
>>
>> Sincerely,
>>
>> Giovanni Maruzzelli
>> OpenTelecom.IT
>> cell: +39 347 266 56 18
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20170511/67347d89/attachment-0001.html

Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list