[Freeswitch-users] Question regarding continuous SIP trace with Freeswitch
david.villasmil.work at gmail.com
Tue Nov 9 09:42:30 UTC 2021
Bye that “other side” can be the same box.
On Tue, 9 Nov 2021 at 09:41, David Villasmil <david.villasmil.work at gmail.com>
> If you have the certs, sure you can decrypt it all. (And you must have,
> since FS can manage the traffic).
> Otherwise, look at the profile’s
> Capture-server to some ip fs will
> Simply send there a copy of all messages. You can then catch them on that
> On Tue, 9 Nov 2021 at 05:49, Gregor Maier <freeswitch13 at mailbox.org>
>> Hello David!
>> On 09.11.21 at 00:19 David Villasmil wrote:
>> > Then why not just run tcpdump filtering for the signaling port and
>> > every N bytes or Mb or whatever? And then simply pushing those files
>> > somewhere you can later use them?
>> > Maybe I misunderstood something
>> Yes. See my initial post: SIP (and RTP) is TLS'd and I don't have any
>> because the VoIP provider owns it.
>> > If what you want is to go at some on-demand time to trace, then just do
>> > like that.
>> That's exactly what I'm doing with Asterisk. Asterisk is able to write
>> pcap files.
>> Therefore no problem.
>> Just out of curiosity, I tested the actual Homer version (with Asterisk).
>> But I
>> gave up, because:
>> - correlation does work only partly (maybe an Asterisk problem)
>> - correlation of ongoing calls doesn't work (~5 minutes e.g. and much
>> - for me, the basic list of result is highly confusing (single call legs
>> aren't correlated. Even Invite and answer 401 isn't correlated)
>> - registers aren't correlated
>> - search for something like CID's doesn't work reliably (it's working 2
>> or 3 times
>> - afterwards no more - tested w/ FF and Chromium - I wasn't able to
>> search for 2
>> CIDs at the same time)
>> - The GUI makes the browser going crazy (-> one CPU is used 100% after
>> some time)
>> sngrep is able to correlate single call legs over hours *out of the box*
>> - why
>> can't homer do the same? I don't think, a result list based on single
>> methods is a
>> good solution - or did I miss something? This could be very possible,
>> because I
>> wasn't able to find any reliable and complete and actual documentation.
>> If sngrep could safe regular pcap files based on HEP data, sngrep would
>> be the way
>> to go - unfortunately, sngrep writes broken pcap files if the input data
>> stream is
>> HEP. That's a known missing feature at this time. Even sngrep itself
>> can't read
>> those pcap files any more.
> David Villasmil
> email: david.villasmil.work at gmail.com
> phone: +34669448337
email: david.villasmil.work at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the FreeSWITCH-users