<html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office"><head><!--[if gte mso 9]><xml><o:OfficeDocumentSettings><o:AllowPNG/><o:PixelsPerInch>96</o:PixelsPerInch></o:OfficeDocumentSettings></xml><![endif]--></head><body><div class="ydp4647dd92yahoo-style-wrap" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><div></div>
<div dir="ltr" data-setdir="false">There are two options</div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false">1- use SIMPDUMP module to dup all SIP packets in Log file </div><div dir="ltr" data-setdir="false"><a href="https://kamailio.org/docs/modules/5.4.x/modules/sipdump.html" rel="nofollow" target="_blank" class="enhancr_card_8396434086">SIPDUMP Module</a><br></div><div><br></div><div id="ydp6f5bc33eenhancr_card_8396434086" class="ydp6f5bc33eyahoo-link-enhancr-card ydp6f5bc33eyahoo-link-enhancr-not-allow-cover ydp6f5bc33eymail-preserve-class ydp6f5bc33eymail-preserve-style" style="max-width: 400px; font-family: YahooSans, Helvetica Neue, Segoe UI, Helvetica, Arial, sans-serif; position: relative;" data-url="https://kamailio.org/docs/modules/5.4.x/modules/sipdump.html" data-type="YENHANCER" data-size="MEDIUM" contenteditable="false"><a href="https://kamailio.org/docs/modules/5.4.x/modules/sipdump.html" style="text-decoration:none !important;color:#000 !important" class="ydp6f5bc33eyahoo-enhancr-cardlink" rel="nofollow" target="_blank"><table border="0" class="ydp6f5bc33ecard-wrapper ydp6f5bc33eyahoo-ignore-table" cellpadding="0" cellspacing="0" style="max-width:400px"><tbody><tr><td width="400"><table border="0" class="ydp6f5bc33ecard ydp6f5bc33eyahoo-ignore-table" cellpadding="0" cellspacing="0" width="100%" style="max-width:400px;border-width:1px;border-style:solid;border-color:rgb(224, 228, 233);border-radius:2px"><tbody><tr><td><table border="0" class="ydp6f5bc33ecard-info ydp6f5bc33eyahoo-ignore-table" cellpadding="0" cellspacing="0" style="background:#fff;position:relative;z-index:2;width:100%;max-width:400px;border-radius:0 0 2px 2px;border-top:1px solid rgb(224, 228, 233)"><tbody><tr><td style="background-color:#ffffff;padding:16px 0 16px 12px;vertical-align:top;border-radius:0 0 0 2px"></td><td style="vertical-align:middle;padding:12px 24px 16px 12px;width:99%;font-family:YahooSans, Helvetica Neue, Segoe UI, Helvetica, Arial, sans-serif;border-radius:0 0 2px 0"><h2 class="ydp6f5bc33ecard-title" style="font-size: 14px; line-height: 19px; margin: 0px 0px 6px; font-family: YahooSans, Helvetica Neue, Segoe UI, Helvetica, Arial, sans-serif; color: rgb(38, 40, 42); max-width: 314px;">SIPDUMP Module</h2><p class="ydp6f5bc33ecard-description" style="font-size: 12px; line-height: 16px; margin: 0px; color: rgb(151, 155, 167);"></p></td></tr></tbody></table></td></tr></tbody></table></td></tr></tbody></table></a><div class="loadingSpinnerContainer" style="position: absolute; top: 0px; width: 100%; height: 100%; display: flex; align-items: center; justify-content: center; background-color: rgba(255, 255, 255, 0.3);"><div class="D_F F_n gl_C ab_C H_6MGW o_h"><div class="W_6MGW H_6MGW D_X ah_1PEzoz" data-test-id="loading_indicator"><svg class="W_6MGW H_6MGW ah_Zq6hUs" viewBox="0 0 24 24" width="24" height="24"><path class="cdPFi_n cZ13pKbK_Z2aVTcY cZ1XO2Ji_dRA c2abBOT_EY cZ1vNhDV_rd cZV8aCd_pI ah_14s73" d="M12,22C6.477,22,2,17.523,2,12S6.477,2,12,2"></path><path class="cdPFi_n cZ13pKbK_Z2aVTcY cZ1XO2Ji_dRA c2abBOT_EY cZ1vNhDV_rd cZV8aCd_pI ah_14s73" d="M12,2c5.523,0,10,4.477,10,10s-4.477,10-10,10"></path></svg></div></div></div></div><div> </div><div><br></div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false">2- use SIPTRACE module and broadcast SIP traffic from kamailio to any local port and then capture through sngrep -p BROACST_PORT</div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false"><a href="https://kamailio.org/docs/modules/5.4.x/modules/siptrace.html" rel="nofollow" target="_blank" class="enhancr_card_8422702714">SipTrace Module</a><br></div><div><br></div><div id="ydp585dcf5benhancr_card_8422702714" class="ydp585dcf5byahoo-link-enhancr-card ydp585dcf5byahoo-link-enhancr-not-allow-cover ydp585dcf5bymail-preserve-class ydp585dcf5bymail-preserve-style" style="max-width:400px;font-family:YahooSans, Helvetica Neue, Segoe UI, Helvetica, Arial, sans-serif" data-url="https://kamailio.org/docs/modules/5.4.x/modules/siptrace.html" data-type="YENHANCER" data-size="MEDIUM" contenteditable="false"><a href="https://kamailio.org/docs/modules/5.4.x/modules/siptrace.html" style="text-decoration:none !important;color:#000 !important" class="ydp585dcf5byahoo-enhancr-cardlink" rel="nofollow" target="_blank"><table border="0" class="ydp585dcf5bcard-wrapper ydp585dcf5byahoo-ignore-table" cellpadding="0" cellspacing="0" style="max-width:400px"><tbody><tr><td width="400"><table border="0" class="ydp585dcf5bcard ydp585dcf5byahoo-ignore-table" cellpadding="0" cellspacing="0" width="100%" style="max-width:400px;border-width:1px;border-style:solid;border-color:rgb(224, 228, 233);border-radius:2px"><tbody><tr><td><table border="0" class="ydp585dcf5bcard-info ydp585dcf5byahoo-ignore-table" cellpadding="0" cellspacing="0" style="background:#fff;position:relative;z-index:2;width:100%;max-width:400px;border-radius:0 0 2px 2px;border-top:1px solid rgb(224, 228, 233)"><tbody><tr><td style="background-color:#ffffff;padding:16px 0 16px 12px;vertical-align:top;border-radius:0 0 0 2px"></td><td style="vertical-align:middle;padding:12px 24px 16px 12px;width:99%;font-family:YahooSans, Helvetica Neue, Segoe UI, Helvetica, Arial, sans-serif;border-radius:0 0 2px 0"><h2 class="ydp585dcf5bcard-title" style="font-size: 14px; line-height: 19px; margin: 0px 0px 6px; font-family: YahooSans, Helvetica Neue, Segoe UI, Helvetica, Arial, sans-serif; color: rgb(38, 40, 42); max-width: 314px;">SipTrace Module</h2><p class="ydp585dcf5bcard-description" style="font-size: 12px; line-height: 16px; margin: 0px; color: rgb(151, 155, 167);"></p></td></tr></tbody></table></td></tr></tbody></table></td></tr></tbody></table></a></div><div><br></div><div><div><div dir="ltr" data-setdir="false"><span>loadmodule "siptrace.so"</span><br></div><div># check IP and port of your capture node</div><div>modparam("siptrace", "duplicate_uri", "sip:127.0.0.1:9060")</div><div>modparam("siptrace", "hep_mode_on", 0)</div><div>modparam("siptrace", "trace_to_database", 0)</div><div>modparam("siptrace", "trace_flag", 22)</div><div>modparam("siptrace", "trace_on", 1)</div><div># modparam("siptrace", "hep_version", 3)</div><div dir="ltr" data-setdir="false">modparam("siptrace", "xheaders_write", 1)</div></div></div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false">during code use </div><div dir="ltr" data-setdir="false"><div><div><span class="ydp6afdad78Apple-tab-span" style="white-space: pre-wrap;"> </span>setflag(22);</div><div dir="ltr" data-setdir="false"><span class="ydp6afdad78Apple-tab-span" style="white-space: pre-wrap;"> </span>sip_trace();</div></div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false">This will broadcast SIP packet to local 9060 port and u can capture that through sngrep.</div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false">I hope it will help.</div></div><div><br></div><div><br></div><div><br></div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false"><br></div><div><br></div>
</div><div id="yahoo_quoted_8232998395" class="yahoo_quoted">
<div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">
<div>
On Tuesday, December 8, 2020, 01:08:44 PM GMT+5, Daniel-Constantin Mierla <miconda@gmail.com> wrote:
</div>
<div><br></div>
<div><br></div>
<div><div id="yiv2101802684"><div>
<p>Hello,</p>
<p>there were some limitations in sngrep for capturing tls traffic:</p>
<p> * <a rel="nofollow" shape="rect" class="yiv2101802684moz-txt-link-freetext" target="_blank" href="https://github.com/irontec/sngrep/issues/112">https://github.com/irontec/sngrep/issues/112</a></p>
<p>Not sure if there was any work afterwards to improve. The best
place to ask in on sngrep project.<br clear="none">
</p>
<p>Anyhow, I want to add that if you use Kamailio, then you can load
sipdump module and get the traffic stored in pcap files -- it
requires master branch:</p>
<p> *
<a rel="nofollow" shape="rect" class="yiv2101802684moz-txt-link-freetext" target="_blank" href="https://www.kamailio.org/docs/modules/devel/modules/sipdump.html#sipdump.p.mode">https://www.kamailio.org/docs/modules/devel/modules/sipdump.html#sipdump.p.mode</a></p>
<p>For stable branches, sipdump can store the traffic in text files.</p>
<p>Cheers,<br clear="none">
Daniel<br clear="none">
</p>
<div class="yiv2101802684yqt9498580727" id="yiv2101802684yqtfd59572"><div class="yiv2101802684moz-cite-prefix">On 08.12.20 08:37, Yuriy Gorlichenko
wrote:<br clear="none">
</div>
<blockquote type="cite">
</blockquote></div></div><div class="yiv2101802684yqt9498580727" id="yiv2101802684yqtfd01215"></div><div><div class="yiv2101802684yqt9498580727" id="yiv2101802684yqtfd85321"><div>As I remember sngrep doesn't work with TLS 1.3, so
may be it is your case.</div>
<br clear="none">
<div class="yiv2101802684gmail_quote">
<div class="yiv2101802684gmail_attr" dir="ltr">On Tue, 8 Dec 2020, 08:01
Agiftel, <<a rel="nofollow" shape="rect" ymailto="mailto:agiftel@gmail.com" target="_blank" href="mailto:agiftel@gmail.com">agiftel@gmail.com</a>> wrote:<br clear="none">
</div>
<blockquote class="yiv2101802684gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Hi all, does
anyone was able to use sngrep (with -k option) to decrypt TLS<br clear="none">
connections?<br clear="none">
I'am doing what help says; used private key is the correct
one; but no<br clear="none">
traffic is seen on sngrep.<br clear="none">
If i use not ecrypted call i can see everything, so sngrep is
working good.<br clear="none">
<br clear="none">
Any hint?<br clear="none">
<br clear="none">
regards<br clear="none">
<br clear="none">
<br clear="none">
<br clear="none">
<br clear="none">
--<br clear="none">
Sent from: <a rel="nofollow" shape="rect" target="_blank" href="http://sip-router.1086192.n5.nabble.com/Users-f3.html">http://sip-router.1086192.n5.nabble.com/Users-f3.html</a><br clear="none">
<br clear="none">
_______________________________________________<br clear="none">
Kamailio (SER) - Users Mailing List<br clear="none">
<a rel="nofollow" shape="rect" ymailto="mailto:sr-users@lists.kamailio.org" target="_blank" href="mailto:sr-users@lists.kamailio.org">sr-users@lists.kamailio.org</a><br clear="none">
<a rel="nofollow" shape="rect" target="_blank" href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br clear="none">
</blockquote>
</div>
<br clear="none">
<fieldset class="yiv2101802684mimeAttachmentHeader"></fieldset>
</div><pre class="yiv2101802684moz-quote-pre"><div class="yiv2101802684yqt9498580727" id="yiv2101802684yqtfd84765">_______________________________________________
Kamailio (SER) - Users Mailing List
<a rel="nofollow" shape="rect" class="yiv2101802684moz-txt-link-abbreviated" ymailto="mailto:sr-users@lists.kamailio.org" target="_blank" href="mailto:sr-users@lists.kamailio.org">sr-users@lists.kamailio.org</a>
<a rel="nofollow" shape="rect" class="yiv2101802684moz-txt-link-freetext" target="_blank" href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a></div>
</pre>
<pre class="yiv2101802684moz-signature">--
Daniel-Constantin Mierla -- <a rel="nofollow" shape="rect" class="yiv2101802684moz-txt-link-abbreviated" target="_blank" href="http://www.asipto.com">www.asipto.com</a>
<a rel="nofollow" shape="rect" class="yiv2101802684moz-txt-link-abbreviated" target="_blank" href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a rel="nofollow" shape="rect" class="yiv2101802684moz-txt-link-abbreviated" target="_blank" href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a>
Funding: <a rel="nofollow" shape="rect" class="yiv2101802684moz-txt-link-freetext" target="_blank" href="https://www.paypal.me/dcmierla">https://www.paypal.me/dcmierla</a></pre><div class="yiv2101802684yqt9498580727" id="yiv2101802684yqtfd71475">
</div></div></div><div class="yqt9498580727" id="yqtfd56440">_______________________________________________<br clear="none">Kamailio (SER) - Users Mailing List<br clear="none"><a shape="rect" ymailto="mailto:sr-users@lists.kamailio.org" href="mailto:sr-users@lists.kamailio.org">sr-users@lists.kamailio.org</a><br clear="none"><a shape="rect" href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br clear="none"></div></div>
</div>
</div></body></html>