[Freeswitch-users] Question regarding continuous SIP trace with Freeswitch

David Villasmil david.villasmil.work at gmail.com
Tue Nov 9 09:42:30 UTC 2021


Btw, that “other side” can be the same box.

On Tue, 9 Nov 2021 at 09:41, David Villasmil <david.villasmil.work at gmail.com>
wrote:

> If you have the certs, sure you can decrypt it all. (And you must have,
> since FS can manage the traffic).
> Otherwise, look at the profile’s
>
> https://github.com/signalwire/freeswitch/blob/master/conf/vanilla/autoload_configs/sofia.conf.xml
>
> capture-server to some IP; FS will
> simply send there a copy of all messages. You can then catch them on that
> side.
>
> On Tue, 9 Nov 2021 at 05:49, Gregor Maier <freeswitch13 at mailbox.org>
> wrote:
>
>>
>> Hello David!
>>
>> On 09.11.21 at 00:19 David Villasmil wrote:
>> > Then why not just run tcpdump filtering for the signaling port and rotate
>> > every N bytes or Mb or whatever? And then simply pushing those files
>> > somewhere you can later use them?
>> >
>> > Maybe I misunderstood something
>>
>> Yes. See my initial post: SIP (and RTP) is TLS'd and I don't have any
>> certificate because the VoIP provider owns it.
>>
>> >
>> > If what you want is to go at some on-demand time to trace, then just do it
>> > like that.
>>
>> That's exactly what I'm doing with Asterisk. Asterisk is able to write
>> pcap files. Therefore no problem.
>>
>> Just out of curiosity, I tested the actual Homer version (with Asterisk).
>> But I gave up, because:
>>
>> - correlation does work only partly (maybe an Asterisk problem)
>> - correlation of ongoing calls doesn't work (~5 minutes e.g. and much more)
>> - for me, the basic list of results is highly confusing (single call legs
>>    aren't correlated. Even Invite and answer 401 isn't correlated)
>> - registers aren't correlated
>> - search for something like CIDs doesn't work reliably (it's working 2 or 3
>>    times - afterwards no more - tested w/ FF and Chromium - I wasn't able to
>>    search for 2 CIDs at the same time)
>> - The GUI makes the browser go crazy (-> one CPU is used 100% after some
>>    time)
>>
>>
>> sngrep is able to correlate single call legs over hours *out of the box* -
>> why can't homer do the same? I don't think a result list based on single
>> methods is a good solution - or did I miss something? This could be very
>> possible, because I wasn't able to find any reliable and complete and actual
>> documentation.
>>
>> If sngrep could save regular pcap files based on HEP data, sngrep would be
>> the way to go - unfortunately, sngrep writes broken pcap files if the input
>> data stream is HEP. That's a known missing feature at this time. Even sngrep
>> itself can't read those pcap files any more.
>>
>>
>> Thanks
>> Gregor
>>
> --
> Regards,
>
> David Villasmil
> email: david.villasmil.work at gmail.com
> phone: +34669448337
>
-- 
Regards,

David Villasmil
email: david.villasmil.work at gmail.com
phone: +34669448337
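
Added example, not part of the original message or of FreeSWITCH: a minimal receiver-side decoder for the copies a capture-server target would get, which pulls the SIP payload out of each datagram and reads its Call-ID so messages can be grouped per call. It assumes the profile sends HEP version 3 (the thread does not say which HEP version is in use); the function names and the sample packet are constructed for illustration.

```python
import socket
import struct

U16 = lambda b: struct.unpack("!H", b)[0]
# HEP3 generic chunks (vendor 0) decoded here; every other chunk is skipped.
DECODERS = {3: ("src_ip", socket.inet_ntoa), 4: ("dst_ip", socket.inet_ntoa),
            7: ("src_port", U16), 8: ("dst_port", U16),
            11: ("proto", lambda b: b[0]),   # 1 = SIP
            15: ("payload", bytes)}          # the copied SIP message

def parse_hep3(data):
    """Decode one HEP3 datagram; raise ValueError on inconsistent lengths."""
    if len(data) < 6 or data[:4] != b"HEP3" or U16(data[4:6]) != len(data):
        raise ValueError("not a HEP3 datagram or length field mismatch")
    out, pos, total = {}, 6, len(data)
    while pos < total:
        if total - pos < 6:
            raise ValueError("truncated chunk header")
        vendor, ctype, clen = struct.unpack("!HHH", data[pos:pos + 6])
        if clen < 6 or pos + clen > total:   # chunk length includes its header
            raise ValueError("bad chunk length")
        if vendor == 0 and ctype in DECODERS:
            name, decode = DECODERS[ctype]
            try:
                out[name] = decode(data[pos + 6:pos + clen])
            except (OSError, struct.error, IndexError) as exc:
                raise ValueError(f"bad {name} chunk") from exc
        pos += clen
    return out

def call_id(sip):
    """Call-ID (or compact form 'i') from the SIP headers, else None."""
    for line in sip.split(b"\r\n")[1:]:      # skip the request/status line
        if not line:
            break                            # blank line ends the headers
        key, _, value = line.partition(b":")
        if key.strip().lower() in (b"call-id", b"i"):
            return value.strip().decode("utf-8", "replace")
    return None

def constructed_sample():
    """Build a HEP3 datagram by hand (constructed data, not a real capture)."""
    chunk = lambda t, b: struct.pack("!HHH", 0, t, 6 + len(b)) + b
    sip = (b"INVITE sip:bob@example.invalid SIP/2.0\r\n"
           b"Call-ID: constructed-1@example.invalid\r\n\r\n")
    body = b"".join(chunk(t, b) for t, b in [
        (3, socket.inet_aton("192.0.2.10")), (4, socket.inet_aton("192.0.2.20")),
        (7, b"\x13\xc5"), (8, b"\x13\xc5"), (11, b"\x01"), (15, sip)])
    return b"HEP3" + struct.pack("!H", 6 + len(body)) + body
```

In a listener, each datagram read from a UDP socket bound to the capture-server address would go through `parse_hep3`, and messages with `proto == 1` would be filed under `call_id(msg["payload"])`.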