[Freeswitch-users] Question regarding continuous SIP trace with Freeswitch

David Villasmil david.villasmil.work at gmail.com
Tue Nov 9 09:41:51 UTC 2021


If you have the certs, sure you can decrypt it all. (And you must have,
since FS can manage the traffic).
Otherwise, look at the profile’s

https://github.com/signalwire/freeswitch/blob/master/conf/vanilla/autoload_configs/sofia.conf.xml

Capture-server to some IP; FS will simply send a copy of all messages there.
You can then catch them on that side.

On Tue, 9 Nov 2021 at 05:49, Gregor Maier <freeswitch13 at mailbox.org> wrote:

>
> Hello David!
>
> On 09.11.21 at 00:19 David Villasmil wrote:
> > Then why not just run tcpdump filtering for the signaling port and rotate
> > every N bytes or Mb or whatever? And then simply pushing those files
> > somewhere you can later use them?
> >
> > Maybe I misunderstood something
>
> Yes. See my initial post: SIP (and RTP) is TLS'd and I don't have any
> certificate because the VoIP provider owns it.
>
> >
> > If what you want is to go at some on-demand time to trace, then just do it
> > like that.
>
> That's exactly what I'm doing with Asterisk. Asterisk is able to write
> pcap files.
> Therefore no problem.
>
> Just out of curiosity, I tested the actual Homer version (with Asterisk).
> But I gave up, because:
>
> - correlation works only partly (maybe an Asterisk problem)
> - correlation of ongoing calls doesn't work (~5 minutes e.g. and much more)
> - for me, the basic list of results is highly confusing (single call legs
>   aren't correlated. Even Invite and answer 401 aren't correlated)
> - registers aren't correlated
> - search for something like CIDs doesn't work reliably (it works 2 or 3
>   times - afterwards no more - tested w/ FF and Chromium - I wasn't able to
>   search for 2 CIDs at the same time)
> - The GUI makes the browser go crazy (-> one CPU is used 100% after some
>   time)
>
>
> sngrep is able to correlate single call legs over hours *out of the box* -
> why can't homer do the same? I don't think a result list based on single
> methods is a good solution - or did I miss something? This could be very
> possible, because I wasn't able to find any reliable and complete and actual
> documentation.
>
> If sngrep could save regular pcap files based on HEP data, sngrep would be
> the way to go - unfortunately, sngrep writes broken pcap files if the input
> data stream is HEP. That's a known missing feature at this time. Even sngrep
> itself can't read those pcap files any more.
>
>
> Thanks
> Gregor
>
-- 
Regards,

David Villasmil
email: david.villasmil.work at gmail.com
phone: +34669448337
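
Added example, not part of the original message and not FreeSWITCH, Homer or sngrep code: a minimal decoder for the copies a capture-server target receives, pulling out the addressing and the Call-ID that a per-call correlation would group on. It assumes the profile sends HEPv3 over UDP with the generic chunk ids of the public HEP3 spec; the sample datagram, addresses and Call-ID are constructed.

```python
import socket
import struct

# Generic (vendor 0) HEPv3 chunk ids decoded here; ids assumed from the HEP3 spec.
DECODERS = {
    3: ("src_ip", socket.inet_ntoa),
    4: ("dst_ip", socket.inet_ntoa),
    7: ("src_port", lambda b: struct.unpack("!H", b)[0]),
    8: ("dst_port", lambda b: struct.unpack("!H", b)[0]),
    9: ("ts_sec", lambda b: struct.unpack("!I", b)[0]),
    11: ("proto_type", lambda b: b[0]),  # 1 = SIP
    15: ("payload", bytes),              # the captured SIP message
}

def parse_hep3(datagram):
    """Decode one HEPv3 UDP datagram into a dict; raise ValueError on bad framing."""
    if len(datagram) < 6 or datagram[:4] != b"HEP3":
        raise ValueError("not a HEPv3 datagram")
    total = struct.unpack("!H", datagram[4:6])[0]
    if total < 6 or total > len(datagram):
        raise ValueError("truncated HEPv3 datagram")
    out, pos = {}, 6
    while pos < total:
        if pos + 6 > total:
            raise ValueError("truncated chunk header")
        vendor, ctype, clen = struct.unpack("!HHH", datagram[pos:pos + 6])
        if clen < 6 or pos + clen > total:
            raise ValueError("bad chunk length")
        if vendor == 0 and ctype in DECODERS:
            name, decode = DECODERS[ctype]
            out[name] = decode(datagram[pos + 6:pos + clen])
        pos += clen
    return out

def call_id(sip):
    """Return the Call-ID header (or compact form 'i') used to group call legs."""
    for line in sip.split(b"\r\n")[1:]:
        if not line:
            break  # end of headers
        name, _, value = line.partition(b":")
        if name.strip().lower() in (b"call-id", b"i"):
            return value.strip().decode()
    return None

def build_sample():
    """Constructed HEPv3 datagram carrying a constructed SIP OPTIONS request."""
    sip = (b"OPTIONS sip:example.invalid SIP/2.0\r\n"
           b"Call-ID: constructed-1@example.invalid\r\n\r\n")
    fields = [(3, socket.inet_aton("192.0.2.10")), (4, socket.inet_aton("192.0.2.20")),
              (7, struct.pack("!H", 5061)), (8, struct.pack("!H", 5061)),
              (9, struct.pack("!I", 1636450911)), (11, b"\x01"), (15, sip)]
    body = b"".join(struct.pack("!HHH", 0, t, 6 + len(v)) + v for t, v in fields)
    return b"HEP3" + struct.pack("!H", 6 + len(body)) + body
```

On the receiving host, each datagram read from a UDP socket bound to the capture-server port can be passed to `parse_hep3`, and messages sharing a `call_id` belong to the same call leg.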