<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body>
<p>Hello,</p>
<p>wss is not usually on port 5060, it can be on port 5061 (if you
haven't configured another tls socket specially for wss traffic).
Anyhow, wss traffic is encrypted, so sngrep will not match it as
sip traffic.</p>
<p>If you want to see locally the wss sip traffic, load sipdump
module, it will write in text files (the version in master can
save the traffic in pcap files as well, although it will appear as
being udp traffic, because it was simpler to build the pcap
headers, however you can sport from the headers/ports what was the
trasport layer, or enable to add the extra meta-data sip header).</p>
<p>If you already have homer, then you should see the wss encrypted
traffic there.<br>
</p>
<p>Cheers,<br>
Daniel<br>
</p>
<div class="moz-cite-prefix">On 11.09.20 01:41, Johnny Ritzer wrote:<br>
</div>
<blockquote type="cite"
cite="mid:BYAPR03MB4792F7B9BBAFF8FCC645D01EF1270@BYAPR03MB4792.namprd03.prod.outlook.com">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
<div class="WordSection1">
<p class="MsoNormal">Hmmmm seeing that port 127.0.0.1….9060
looks like to capture and forward to homer (I know I
installed it at one time to try to some triage).<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Maybe homer built for additional checks. <br>
I just disabled the module hosting that port and I no longer
see it in ngrep. <o:p>
</o:p></p>
<p class="MsoNormal"><br>
my path issue is wss:// webrtc over to uac.reg and FW it
off to PBX. So ill try and figure out where in kama.cfg
to hopefully get it to fw to pbx and make call.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span
style="font-size:12.0pt;color:black">From:
</span></b><span style="font-size:12.0pt;color:black">Johnny
Ritzer <a class="moz-txt-link-rfc2396E" href="mailto:sudoritz@gmail.com"><sudoritz@gmail.com></a><br>
<b>Date: </b>Thursday, September 10, 2020 at 4:32 PM<br>
<b>To: </b>Kamailio (SER) - Users Mailing List
<a class="moz-txt-link-rfc2396E" href="mailto:sr-users@lists.kamailio.org"><sr-users@lists.kamailio.org></a><br>
<b>Subject: </b>Re: [SR-Users] sngrep nor tcpdump showing
5060 traffic but ngrep /kama logs show something ?
(outbound call)<o:p></o:p></span></p>
</div>
<p class="MsoNormal">Ya I have other scenarios that show up
like inbound call.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">So I did this (made a test call) and saved
output ngrep to pcap.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">And open in wireshark and I see it as
protocol UDP with SIP enclosed in data<br>
<br>
ngrep -d any -qt -W byline port 5060 -O test.pcap<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">heres ngrep<o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt"> 2020/09/10
23:19:51.109093 10.111.0.4:5060 -> 127.0.0.1:9060 #1</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">.......[F...</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">...INVITE
<a class="moz-txt-link-freetext" href="sip:8000@24.xx.xx.xx">sip:8000@24.xx.xx.xx</a> SIP/2.0.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Via:
SIP/2.0/WSS 4d8asfsdfag3f.invalid;branch=z9hG4bK2797686.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Max-Forwards:
70.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">To:
<a class="moz-txt-link-rfc2396E" href="sip:8000@24.xx.xx.xx"><sip:8000@24.xx.xx.xx></a>.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">From:
"Ctx-WEBSIP-1138"
<a class="moz-txt-link-rfc2396E" href="sip:1138@24.xx.xx.xx"><sip:1138@24.xx.xx.xx></a>;tag=jd85ifa0f2.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Call-ID:
9pujji6vasdfasfrbn2.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">CSeq: 906
INVITE.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Contact:
<a class="moz-txt-link-rfc2396E" href="sip:1138@24.xx.xx.xx;gr=urn:uuid:121211-a79d-4e76-a010-121211"><sip:1138@24.xx.xx.xx;gr=urn:uuid:121211-a79d-4e76-a010-121211></a>.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Allow:
ACK,CANCEL,INVITE,MESSAGE,BYE,OPTIONS,INFO,NOTIFY,REFER.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Supported:
gruu, outbound.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">User-Agent:
SIP.js/0.7.8.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Content-Type:
application/sdp.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Content-Length:
2047.</span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span
style="font-size:12.0pt;color:black">From:
</span></b><span style="font-size:12.0pt;color:black">sr-users
<a class="moz-txt-link-rfc2396E" href="mailto:sr-users-bounces@lists.kamailio.org"><sr-users-bounces@lists.kamailio.org></a><br>
<b>Date: </b>Thursday, September 10, 2020 at 4:19 PM<br>
<b>To: </b>Kamailio (SER) - Users Mailing List
<a class="moz-txt-link-rfc2396E" href="mailto:sr-users@lists.kamailio.org"><sr-users@lists.kamailio.org></a><br>
<b>Subject: </b>Re: [SR-Users] sngrep nor tcpdump showing
5060 traffic but ngrep /kama logs show something ?
(outbound call)</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">You sure you’re using 5060 on kamailio?<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<div>
<p class="MsoNormal">On Fri, 11 Sep 2020 at 00:04, Johnny
Ritzer <<a href="mailto:sudoritz@gmail.com"
moz-do-not-send="true">sudoritz@gmail.com</a>>
wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC
1.0pt;padding:0in 0in 0in
6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<o:p></o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">No…
or not that I know of<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">This
is a temp GCP (as im building a POC to get this to
a working concept.) trying to fine-tune config<o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><b><span
style="font-size:12.0pt;color:black">From:<br>
<br>
</span></b><span
style="font-size:12.0pt;color:black">sr-users
<<a
href="mailto:sr-users-bounces@lists.kamailio.org"
target="_blank" moz-do-not-send="true">sr-users-bounces@lists.kamailio.org</a>><br>
<br>
<br>
<b>Date: </b>Thursday, September 10, 2020 at
3:33 PM<br>
<br>
<br>
<b>To: </b>Kamailio (SER) - Users Mailing List
<<a href="mailto:sr-users@lists.kamailio.org"
target="_blank" moz-do-not-send="true">sr-users@lists.kamailio.org</a>><br>
<br>
<br>
<b>Subject: </b>Re: [SR-Users] sngrep nor
tcpdump showing 5060 traffic but ngrep /kama
logs show something ? (outbound call)</span><o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Are
you using vlans? In the past I had issues with
ngrep if the packets had vlan tags on them.<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">On
Thu, Sep 10, 2020 at 6:10 PM Johnny Ritzer <<a
href="mailto:sudoritz@gmail.com"
target="_blank" moz-do-not-send="true">sudoritz@gmail.com</a>>
wrote:<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
<blockquote style="border:none;border-left:solid
#CCCCCC 1.0pt;padding:0in 0in 0in
6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
<div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"> <o:p></o:p></p>
<div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;margin-bottom:12.0pt">I
can see kama logs./ngrep when I try to call
out (WSS -> ) . But I cant see anything
in sngrep nor tcpdump.<o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:12.0pt"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><br>
<br>
<br>
“ngrep -d any -qt -W byline port 5060”<o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:12.0pt"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:12.0pt"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;margin-bottom:12.0pt">Im
not sure how/why or it could be something
simple but what puzzles me is I know im
sending data but its not captured.<o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:12.0pt"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Setup
is pbx at 24.xx.xx.xx but ext is uac.reg to
stay connected.<o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:12.0pt"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">UA
client = sip.js / wss<br>
<br>
<br>
Inbound works(but 1 way audio ill fix
after outbound issue) <o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:12.0pt"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Outbound
doesn’t dial out (UA = webRTC client) using
wss. Which led me to troubleshoot via
sngrep/tcpdump.<o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:12.0pt"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:12.0pt"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;margin-bottom:12.0pt">But
I seet his when it happens knowing I ame
getting something sent.<o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:12.0pt"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt">Sep 10 21:48:36
kamaProx /usr/sbin/kamailio[27480]:
WARNING: <script>:
----RouteLogic--SIP request received on
port 4443: from:1138 to:8040
srcip:70.xx.xx.xx</span><o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:12.0pt"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt">Sep 10 21:48:36
kamaProx /usr/sbin/kamailio[27480]: INFO:
<script>: START: INVITE from
<a class="moz-txt-link-freetext" href="sip:1138@24.xx.xx.xx">sip:1138@24.xx.xx.xx</a> (IP:
70.xx.xx.xx:55041)</span><o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:12.0pt"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt">Sep 10 21:48:36
kamaProx /usr/sbin/kamailio[27480]:
WARNING: <script>:
----RouteLogic--SIP request received on
port 4443: from:1138 to:8040
srcip:70.xx.xx.xx</span><o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:12.0pt"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt">Sep 10 21:48:36
kamaProx /usr/sbin/kamailio[27480]: INFO:
<script>: START: ACK from
<a class="moz-txt-link-freetext" href="sip:1138@24.xx.xx.xx">sip:1138@24.xx.xx.xx</a> (IP:
70.xx.xx.xx:55041)</span><o:p></o:p></p>
<p class="MsoNormal"
style="margin-bottom:12.0pt"> <o:p></o:p></p>
</div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"> <o:p></o:p></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">_______________________________________________<br>
<br>
<br>
Kamailio (SER) - Users Mailing List<br>
<br>
<br>
<a href="mailto:sr-users@lists.kamailio.org"
target="_blank" moz-do-not-send="true">sr-users@lists.kamailio.org</a><br>
<br>
<br>
<a
href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users"
target="_blank" moz-do-not-send="true">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
</blockquote>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
<br>
<br>
<br>
_______________________________________________<br>
<br>
Kamailio (SER) - Users Mailing List<br>
<br>
<a href="mailto:sr-users@lists.kamailio.org"
target="_blank" moz-do-not-send="true">sr-users@lists.kamailio.org</a><br>
<br>
<a
href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users"
target="_blank" moz-do-not-send="true">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><o:p></o:p></p>
</blockquote>
</div>
</div>
<p class="MsoNormal">-- <o:p></o:p></p>
<div>
<div>
<div>
<p class="MsoNormal">Regards,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<p class="MsoNormal">David Villasmil<o:p></o:p></p>
<div>
<p class="MsoNormal">email: <a
href="mailto:david.villasmil.work@gmail.com"
target="_blank" moz-do-not-send="true">
david.villasmil.work@gmail.com</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">phone: +34669448337<o:p></o:p></p>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Kamailio (SER) - Users Mailing List
<a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.kamailio.org">sr-users@lists.kamailio.org</a>
<a class="moz-txt-link-freetext" href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a>
</pre>
</blockquote>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla -- <a class="moz-txt-link-abbreviated" href="http://www.asipto.com">www.asipto.com</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a>
Funding: <a class="moz-txt-link-freetext" href="https://www.paypal.me/dcmierla">https://www.paypal.me/dcmierla</a></pre>
</body>
</html>