[Freeswitch-users] [OpenSIPS-Users] TLS SIP packet tracing and visualization

Giovanni Maruzzelli gmaruzz at gmail.com
Fri May 12 22:49:45 MSD 2017


Hello Daniel,

I would suggest this:

test it with latest master git code, add to your jira all relevant traces
etc with latest (eg, today's) git master code.

This will bump attention to it.

-giovanni


On 12 May 2017 at 20:37, Daniel Greenwald <dig1234 at gmail.com> wrote:

> Giovanni- I personally experience this issue on three different systems.
> I've tried all hep versions, and confirmed not a homer issue via wireshark.
> ie the HEP is not being sent for Inbound TLS messages. I did report it to
> Jira in Oct 2016 but got little attention. I still find HEP useful for
> outbound messages but it would be really nice to have two way SIP
> conversation in cleartext...
>
> https://freeswitch.org/jira/browse/FS-9657
>
>
>
> On Thu, May 11, 2017 at 11:45 AM, Tamas Jalsovszky <jalsot at gmail.com>
> wrote:
>
>> Does HEP send verto signaling info to Homer too?
>>
>> On 10 May 2017 at 21:38, Daniel Greenwald <dig1234 at gmail.com> wrote:
>>
>>> Thanks for this script!
>>> Theoretically it is possible to see TLS SIP traffic with freeswitch
>>> sending HEP to Homer. But there seems to be a bug in FS that only sends one
>>> side of SIP conversation (ie the FS side, not inbound messages).
>>>
>>> On Tue, May 9, 2017 at 11:10 AM, Giovanni Maruzzelli <gmaruzz at gmail.com>
>>> wrote:
>>>
>>>> On 9 May 2017 at 15:18, Bogdan-Andrei Iancu <bogdan at opensips.org>
>>>> wrote:
>>>>
>>>>> Thank you Giovanni, that is a useful tool - we will document it in the
>>>>> OpenSIPS TLS tutorial, so others can benefit ;)
>>>>>
>>>>>
>>>>
>>>> Glad about it!
>>>> Be sure to get it from
>>>> https://freeswitch.org/confluence/display/FREESWITCH/Packet+Capture#PacketCapture-TLSwithsharka ,
>>>> it is the latest version with a couple of fixes.
>>>>
>>>> -giovanni
>>>>
>>>>
>>>>
>>>>
>>>>> Many thanks,
>>>>>
>>>>> Bogdan-Andrei Iancu
>>>>>   OpenSIPS Founder and Developer
>>>>>   http://www.opensips-solutions.com
>>>>>
>>>>> OpenSIPS Summit May 2017 Amsterdam
>>>>>   http://www.opensips.org/events/Summit-2017Amsterdam.html
>>>>>
>>>>> On 05/02/2017 05:52 PM, Giovanni Maruzzelli wrote:
>>>>>
>>>>> For a cut and paste ready version, that has the correct carriage
>>>>> returns (mangled by mail), check it in FreeSWITCH documentation:
>>>>>
>>>>> https://freeswitch.org/confluence/display/FREESWITCH/Packet+Capture#PacketCapture-TLSwithsharka
>>>>>
>>>>> -giovanni
>>>>>
>>>>> On 2 May 2017 at 16:26, Giovanni Maruzzelli <gmaruzz at gmail.com> wrote:
>>>>>
>>>>>> Hello fellows,
>>>>>>
>>>>>> after some experimentation with various tools, I came up with a
>>>>>> little shell tool that maybe can be useful to you too.
>>>>>>
>>>>>> It can only work with non-forward secrecy ciphers, obviously, and
>>>>>> only if it is started before the client does the initial TLS handshake (eg, just
>>>>>> restart the client). Forward secrecy cannot be decrypted after the fact, so
>>>>>> don't waste effort.
>>>>>>
>>>>>> An example of ciphers that can be decrypted is the "AES256-SHA"
>>>>>> openssl cipher group. You can use ssldump to check what cipher is used by
>>>>>> serverhello.
>>>>>>
>>>>>> Enjoy, make it better, and share it :)
>>>>>>
>>>>>>
>>>>>> #!/bin/bash
>>>>>> # brought to you by Giovanni Maruzzelli
>>>>>> #
>>>>>> SERVERIP="192.168.1.150"
>>>>>> SERVERPORT="5061"
>>>>>> PRIVKEY="/etc/certs/privkey.pem"
>>>>>> STDERR2DEVNULL=" 2>/dev/null "
>>>>>> REGEX="notyet"
>>>>>>
>>>>>> if [ -z "$1" ]; then
>>>>>>         REGEX="\\\.*"
>>>>>> else
>>>>>>         REGEX="$1"
>>>>>> fi
>>>>>> FILTER="ssl.app_data and sip matches"
>>>>>> FILTER2="$FILTER \"$REGEX\""
>>>>>> FILTER3="'$FILTER2'"
>>>>>> ARGUMENT="-i 1 -Y $FILTER3 -E header=y -T fields -e frame.number -e frame.time -e frame.time_delta_displayed -e ip.src -e ip.dst -e sip.Status-Line -e sip.Request-Line -e sip.msg_hdr -l -d tcp.port\=\=5061,sip  -o \"ssl.keys_list: $SERVERIP,$SERVERPORT,sip,$PRIVKEY\" $STDERR2DEVNULL | sed -u 's/\t/\n/g' | sed -u '/^$/d' | sed -u 's/^[0-9]*$/\n==&==============================/g'"
>>>>>>
>>>>>> echo ""
>>>>>> echo "NB: if it do not works, edit script so that STDERR2DEVNULL=\" \" and try again"
>>>>>> echo ""
>>>>>> echo "NB: remember to quote and escape match patterns, using triple slash"
>>>>>> echo "    eg, for matching 1010@pbx.example.com, use \"1010@pbx.example.com\""
>>>>>> echo "    eg, for matching anything, use \"\\\\\\.*\""
>>>>>> echo "    eg, for matching *98, use \"\\\\\\*98\""
>>>>>> echo "USAGE: $0 \"\\\\\\*98@pbx.example.com\""
>>>>>> echo ""
>>>>>>
>>>>>>
>>>>>> case "$1" in
>>>>>>         -help|--help|?)
>>>>>>         exit 0
>>>>>>         ;;
>>>>>> *)
>>>>>>         echo "THIS TIME WE'RE DOING:"
>>>>>>         echo "tshark $ARGUMENT"
>>>>>>         echo ""
>>>>>>         bash -c "tshark $ARGUMENT"
>>>>>>         ;;
>>>>>> esac
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>> Sincerely,
>>>>>>
>>>>>> Giovanni Maruzzelli
>>>>>> OpenTelecom.IT
>>>>>> cell: +39 347 266 56 18
>>>>>>
>>>>> _______________________________________________
>>>>> Users mailing list
>>>>> Users at lists.opensips.org
>>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> _________________________________________________________________________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org
>>>> http://www.freeswitchsolutions.com
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org
>>>> http://confluence.freeswitch.org
>>>> http://www.cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> http://www.freeswitch.org
>>>>



-- 

Sincerely,

Giovanni Maruzzelli
OpenTelecom.IT
cell: +39 347 266 56 18
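
The cipher precondition from the quoted first post (private-key decryption works only when the ServerHello picks a non-forward-secrecy cipher), as an added example that is not part of the thread or of the script above: it reads ssldump-style text and classifies the cipher each connection negotiated. The function names and the sample text are constructed for illustration, and the `cipherSuite` line layout is an assumption about ssldump's ServerHello output.

```shell
#!/bin/bash
# Added example (not from the thread): which captured connections can be key-decrypted?

# Classify a cipher suite name (OpenSSL or IANA style) by its key exchange.
kx_class() {
    case "$1" in
        TLS_AES_*|TLS_CHACHA20_*)                  echo "forward-secret" ;; # TLS 1.3
        TLS_ECDHE_*|TLS_DHE_*|ECDHE-*|DHE-*|EDH-*) echo "forward-secret" ;;
        TLS_RSA_WITH_*)                            echo "rsa-kx" ;;
        AES128*|AES256*|CAMELLIA*|DES-CBC3-SHA|RC4-*) echo "rsa-kx" ;; # OpenSSL names, no kx prefix
        *)                                         echo "unknown" ;;
    esac
}

# Print "<connection> <cipher>" for every ServerHello found on stdin.
serverhello_ciphers() {
    awk '
        /^[0-9]+ [0-9]+ /            { conn = $1; in_sh = 0 }  # record header
        $1 == "ServerHello"          { in_sh = 1 }
        in_sh && $1 == "cipherSuite" { print conn, $2; in_sh = 0 }
    '
}

# Print "<connection> <cipher> <class>"; only rsa-kx sessions can be decrypted with the server key.
report() {
    serverhello_ciphers | while read -r conn cipher; do
        echo "$conn $cipher $(kx_class "$cipher")"
    done
}

# Constructed sample in the style of ssldump output (not a real capture).
sample_ssldump() {
    cat <<'EOF'
New TCP connection #1: 192.168.1.20(40112) <-> 192.168.1.150(5061)
1 1  0.0021 (0.0021)  C>S  Handshake
      ClientHello
        cipher suites
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        TLS_RSA_WITH_AES_256_CBC_SHA
1 2  0.0034 (0.0013)  S>C  Handshake
      ServerHello
        cipherSuite         TLS_RSA_WITH_AES_256_CBC_SHA
2 2  0.0030 (0.0011)  S>C  Handshake
      ServerHello
        cipherSuite         TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
EOF
}

sample_ssldump | report
```

Ciphers offered in the ClientHello are ignored on purpose: only the ServerHello choice decides whether the trace can be decrypted.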