<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hello,</p>
<p>network sniffers (such as wireshark, ngrep, tcpdump, sngrep, ...)
capture the traffic at network interface layer (well, using some
kernel hooks), before getting to application layer (even before
the firewall) and I expect is the same for heplify. They do not
"receive" the packets like an application that does "listen", just
take a copy of the traffic via those kernel hooks and then the
packets are sent to the application layer. In other words, heplify
doesn't received the sip traffic and then resends it locally, just
gets a copy of the traffic.<br>
</p>
<p>Cheers,<br>
Daniel<br>
</p>
<div class="moz-cite-prefix">On 27.10.19 09:16, Igor Olhovskiy
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:c8f7e4f7-ec48-4325-baca-88034f29fbe6@Spark">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title></title>
<div name="messageBodySection">
<div dir="auto">So, at the end it would be like
<div dir="auto">Heplify captures traffic and sending it to
localhost, where Kamailio listens. </div>
<div dir="auto">Thanks, will give it a try. </div>
</div>
</div>
<div name="messageSignatureSection"><br>
<div dir="auto">Regards, Igor</div>
</div>
<div name="messageReplySection">On 26 Oct 2019, 21:21 +0200,
Federico Cabiddu <a class="moz-txt-link-rfc2396E" href="mailto:federico.cabiddu@gmail.com"><federico.cabiddu@gmail.com></a>, wrote:<br>
<blockquote type="cite" class="spark_quote" style="margin: 5px
5px; padding-left: 10px; border-left: thin solid #1abc9c;">
<div dir="auto">Just use heplify or captagent for this:
<div dir="auto"><a
href="https://github.com/sipcapture/heplify"
moz-do-not-send="true">https://github.com/sipcapture/heplify</a><br>
</div>
<div dir="auto"><br>
</div>
<div dir="auto"><a
href="https://github.com/sipcapture/captagent"
moz-do-not-send="true">https://github.com/sipcapture/captagent</a><br>
</div>
<div dir="auto">You can run them on the same machines where
you're running your sip services and send the captured
traffic to a homer instance. </div>
<div dir="auto"><br>
</div>
<div dir="auto">Cheers, </div>
<div dir="auto"><br>
</div>
<div dir="auto">Federico </div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Sat, 26 Oct 2019, 20:40
Igor Olhovskiy, <<a
href="mailto:igorolhovskiy@gmail.com"
moz-do-not-send="true">igorolhovskiy@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote spark_quote" style="margin:
5px 5px; padding-left: 10px; border-left: thin solid
#e67e22;">
<div>I'm trying to avoid SIP packet touching at all. Plus,
I can't move third-party soft to other port/interface or
so.</div>
<br>
<div>Idea is I don't want for Kamailio to be a proxy, but
a sip packet analyzer for mirrored port, but on same
machine.</div>
<br>
<div>On Oct 26 2019, at 6:40 pm, David Villasmil <<a
href="mailto:david.villasmil.work@gmail.com"
target="_blank" rel="noreferrer"
moz-do-not-send="true">david.villasmil.work@gmail.com</a>>
wrote:</div>
<blockquote class="spark_quote" style="margin: 5px 5px;
padding-left: 10px; border-left: thin solid #3498db;">
<div>
<div>
<div>Why not just receiving with kamailio and
transparently proxying to the pbx after capturing?
I.e.: kamailio in the middle</div>
</div>
<div><br>
<div class="gmail_quote">
<div class="gmail_attr">
<div>On Sat, 26 Oct 2019 at 14:46, Igor
Olhovskiy <<a
href="mailto:igorolhovskiy@gmail.com"
title="mailto:igorolhovskiy@gmail.com"
target="_blank" rel="noreferrer"
moz-do-not-send="true">igorolhovskiy@gmail.com</a>>
wrote:</div>
</div>
<blockquote class="spark_quote" style="margin: 5px
5px; padding-left: 10px; border-left: thin solid
#d35400;">
<div>Hi!</div>
<br>
<div>I'm trying to get Kamailio working as a
traffic capture on a same machine with other
PBX software installed.</div>
<br>
<div>Actually, traffic is mirrored with</div>
<br>
<div>
<div>iptables -A PREROUTING -t mangle -i eth0
-p udp --dport 5060 -j TEE --gateway <a
href="https://link.getmailspring.com/link/AB5F9D36-533D-4A52-ADE3-FB76B813163C@getmailspring.com/0?redirect=127.0.0.2&recipient=c3ItdXNlcnNAbGlzdHMua2FtYWlsaW8ub3Jn"
title="https://link.getmailspring.com/link/AB5F9D36-533D-4A52-ADE3-FB76B813163C@getmailspring.com/0?redirect=127.0.0.2&recipient=c3ItdXNlcnNAbGlzdHMua2FtYWlsaW8ub3Jn"
target="_blank" rel="noreferrer"
moz-do-not-send="true">127.0.0.2</a></div>
<div>iptables -t nat -A PREROUTING -d
127.0.0.2 -p udp --dport 5060 -j DNAT --to <a
href="https://link.getmailspring.com/link/AB5F9D36-533D-4A52-ADE3-FB76B813163C@getmailspring.com/1?redirect=127.0.0.1%3A5062&recipient=c3ItdXNlcnNAbGlzdHMua2FtYWlsaW8ub3Jn"
title="https://link.getmailspring.com/link/AB5F9D36-533D-4A52-ADE3-FB76B813163C@getmailspring.com/1?redirect=127.0.0.1%3A5062&recipient=c3ItdXNlcnNAbGlzdHMua2FtYWlsaW8ub3Jn"
target="_blank" rel="noreferrer"
moz-do-not-send="true">127.0.0.1:5062</a></div>
</div>
<br>
<div>Kamailio request route is super simple</div>
<div>request_route {</div>
<div> xlog("L_ALERT", "[SIP-PACKET] Got
packet [F=$fu R=$ru D=$du M=$rm IP=($si:$sp
$Ri:$Rp) ID=$ci]\n");</div>
<div> drop;</div>
<div>}</div>
<br>
<div>I was trying to get Kamailio just listen on
interface <a href="http://127.0.0.1:5062"
target="_blank" rel="noreferrer"
moz-do-not-send="true">127.0.0.1:5062</a>,
but no luck</div>
<br>
<div>listen=udp:<a href="http://127.0.0.1:5062"
title="http://127.0.0.1:5062"
target="_blank" rel="noreferrer"
moz-do-not-send="true">127.0.0.1:5062</a></div>
<br>
<div>Next was to use sipcapture module with
following parameters</div>
<br>
<div>loadmodule "sipcapture.so"</div>
<div>modparam("sipcapture", "db_url",
"text:///tmp/")</div>
<div>modparam("sipcapture", "raw_socket_listen",
"127.0.0.1:5060-5062")</div>
<div>modparam("sipcapture", "raw_interface",
"lo")</div>
<div>modparam("sipcapture", "promiscious_on", 1)</div>
<br>
<div>Also no luck. Means Kamailio can't see
packets, but I see em with wireshark on lo
interface.</div>
<br>
<div>What is best way to get it working? Or I'm
missing something?</div>
<br>
<div>Thanks!</div>
<div>_______________________________________________</div>
<div>Kamailio (SER) - Users Mailing List</div>
<div><a
href="mailto:sr-users@lists.kamailio.org"
title="mailto:sr-users@lists.kamailio.org"
target="_blank" rel="noreferrer"
moz-do-not-send="true">sr-users@lists.kamailio.org</a></div>
<div><a
href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users"
title="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users"
target="_blank" rel="noreferrer"
moz-do-not-send="true">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a></div>
</blockquote>
</div>
</div>
<div>--</div>
<div>
<div>
<div>Regards,</div>
<div><br>
</div>
<div>David Villasmil</div>
<div>email: <a
href="https://link.getmailspring.com/link/440604DA-8F73-4D71-9038-78658920F906@getmailspring.com/0?redirect=mailto%3Adavid.villasmil.work%40gmail.com&recipient=c3ItdXNlcnNAbGlzdHMua2FtYWlsaW8ub3Jn"
title="mailto:david.villasmil.work@gmail.com"
target="_blank" rel="noreferrer"
moz-do-not-send="true">david.villasmil.work@gmail.com</a></div>
<div>phone: +34669448337</div>
</div>
</div>
<div>_______________________________________________</div>
<div>Kamailio (SER) - Users Mailing List</div>
<div><a href="mailto:sr-users@lists.kamailio.org"
target="_blank" rel="noreferrer"
moz-do-not-send="true">sr-users@lists.kamailio.org</a></div>
<div><a
href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users"
target="_blank" rel="noreferrer"
moz-do-not-send="true">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a></div>
</div>
</blockquote>
_______________________________________________<br>
Kamailio (SER) - Users Mailing List<br>
<a href="mailto:sr-users@lists.kamailio.org"
target="_blank" rel="noreferrer" moz-do-not-send="true">sr-users@lists.kamailio.org</a><br>
<a
href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users"
rel="noreferrer noreferrer" target="_blank"
moz-do-not-send="true">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote>
</div>
_______________________________________________<br>
Kamailio (SER) - Users Mailing List<br>
<a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.kamailio.org">sr-users@lists.kamailio.org</a><br>
<a class="moz-txt-link-freetext" href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Kamailio (SER) - Users Mailing List
<a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.kamailio.org">sr-users@lists.kamailio.org</a>
<a class="moz-txt-link-freetext" href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a>
</pre>
</blockquote>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla -- <a class="moz-txt-link-abbreviated" href="http://www.asipto.com">www.asipto.com</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a>
Kamailio Advanced Training, Oct 21-23, 2019, Berlin, Germany -- <a class="moz-txt-link-freetext" href="https://asipto.com/u/kat">https://asipto.com/u/kat</a></pre>
</body>
</html>