On 03 May 2017 08:56, "Daniel-Constantin Mierla" <miconda(a)gmail.com> wrote:
Thanks for sharing, is it capturing RTP as well?
What do you mean by visualization? Displaying in wireshark GUI or still
everything in the terminal?
Hi Daniel,
It is a shell wrapper around tshark.
It is all in the terminal.
It reformats the output of tshark in a way that is easy on the eyes.
It does not capture (e.g., it does not create a pcap file); it shows the
signaling on screen.
-giovanni
Cheers,
Daniel
On 02.05.17 16:52, Giovanni Maruzzelli wrote:
For a cut and paste ready version, that has the correct carriage returns
(mangled by mail), check it in FreeSWITCH documentation:
https://freeswitch.org/confluence/display/FREESWITCH/Packet+Capture#PacketCapture-TLSwithsharka
-giovanni
On 2 May 2017 at 16:26, Giovanni Maruzzelli <gmaruzz(a)gmail.com> wrote:
Hello fellows,
after some experimentation with various tools, I came up with a little
shell tool that may be useful to you too.
It can only work with non-forward-secrecy ciphers, obviously, and only if
it is started before the client does the initial TLS handshake (e.g., just restart
the client). Forward secrecy cannot be decrypted after the fact, so don't waste
effort.
An example of ciphers that can be decrypted is the "AES256-SHA" openssl
cipher group. You can use ssldump to check what cipher is used by
serverhello.
Enjoy, make it better, and share it :)
#!/bin/bash
# brought to you by Giovanni Maruzzelli
#
# Server address, TLS port and RSA private key used by tshark for decryption
SERVERIP="192.168.1.150"
SERVERPORT="5061"
PRIVKEY="/etc/certs/privkey.pem"
STDERR2DEVNULL=" 2>/dev/null "
REGEX="notyet"
# With no argument, match every SIP message
if [ -z "$1" ]; then
    REGEX="\\\.*"
else
    REGEX="$1"
fi
FILTER="ssl.app_data and sip matches"
FILTER2="$FILTER \"$REGEX\""
FILTER3="'$FILTER2'"
# One logical line: the backslash-newlines below are continuations inside the quotes
ARGUMENT="-i 1 -Y $FILTER3 -E header=y -T fields -e frame.number -e \
frame.time -e frame.time_delta_displayed -e ip.src -e ip.dst -e \
sip.Status-Line -e sip.Request-Line -e sip.msg_hdr -l -d \
tcp.port\=\=5061,sip -o \"ssl.keys_list: $SERVERIP,$SERVERPORT,sip,$PRIVKEY\" \
$STDERR2DEVNULL | sed -u 's/\t/\n/g' | sed -u '/^$/d' | sed -u \
's/^[0-9]*$/\n==&==============================/g'"
echo ""
echo "NB: if it do not works, edit script so that STDERR2DEVNULL=\" \" and try again"
echo ""
echo "NB: remember to quote and escape match patterns, using triple slash"
echo " eg, for matching 1010@pbx.example.com, use \"1010@pbx.example.com\""
echo " eg, for matching anything, use \"\\\\\\.*\""
echo " eg, for matching *98, use \"\\\\\\*98\""
echo "USAGE: $0 \"\\\\\\*98@pbx.example.com\""
echo ""
case "$1" in
    -help|--help|?)
        exit 0
        ;;
    *)
        echo "THIS TIME WE'RE DOING:"
        echo "tshark $ARGUMENT"
        echo ""
        # Run through bash -c so the embedded quotes, redirection and pipes are interpreted
        bash -c "tshark $ARGUMENT"
        ;;
esac
--
Sincerely,
Giovanni Maruzzelli
OpenTelecom.IT
cell: +39 347 266 56 18
--
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - May 22-24 (USA) - www.asipto.com
Kamailio World Conference - May 8-10, 2017 - www.kamailioworld.com
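
Added example, not part of the original thread or of Giovanni's script: a small shell check that tells, from a cipher suite name, whether it uses RSA key transport (the only kind the private-key approach above can decrypt) or an ephemeral or other key exchange. The function names kx_class and undecryptable_suites are hypothetical, and the check goes slightly beyond the thread by also accepting IANA-style names (TLS_RSA_WITH_...) next to OpenSSL-style ones (AES256-SHA).

```bash
#!/bin/sh
# Classify a TLS cipher suite name by key exchange (hypothetical helper).
#   rsa       - RSA key transport: the server's RSA private key recovers the session keys
#   ephemeral - (EC)DHE, anonymous DH, or TLS 1.3: the private key cannot decrypt the session
#   other     - PSK, SRP, static (EC)DH: the RSA private key alone is not enough
#   unknown   - name not recognised by this table
kx_class() {
    case "$1" in
        TLS_AES_*|TLS_CHACHA20_*)                  echo ephemeral ;;  # TLS 1.3 suites
        TLS_ECDHE_*|TLS_DHE_*|ECDHE-*|DHE-*|EDH-*) echo ephemeral ;;
        TLS_DH_anon_*|TLS_ECDH_anon_*|ADH-*|AECDH-*) echo ephemeral ;;
        TLS_RSA_PSK_*|RSA-PSK-*|TLS_PSK_*|PSK-*)   echo other ;;
        TLS_SRP_*|SRP-*)                           echo other ;;
        TLS_ECDH_*|TLS_DH_*|ECDH-*|DH-*)           echo other ;;      # static (EC)DH
        TLS_RSA_WITH_*)                            echo rsa ;;
        # OpenSSL names with no key-exchange prefix are RSA key transport
        AES*|CAMELLIA*|DES-CBC3-*|RC4-*|SEED-*|IDEA-*|NULL-*) echo rsa ;;
        *)                                         echo unknown ;;
    esac
}

# Given a colon-separated cipher list (the format "openssl ciphers" prints),
# output the suites that the private-key method cannot decrypt, space separated.
undecryptable_suites() {
    out=""
    old_ifs=$IFS
    IFS=:
    for suite in $1; do
        [ "$(kx_class "$suite")" = "rsa" ] || out="${out:+$out }$suite"
    done
    IFS=$old_ifs
    printf '%s\n' "$out"
}

# Constructed sample list, for illustration only.
sample='ECDHE-RSA-AES256-GCM-SHA384:AES256-SHA:DHE-RSA-AES128-SHA:TLS_AES_256_GCM_SHA384'
echo "Cannot be decrypted with the server key: $(undecryptable_suites "$sample")"
```

Feed it the suite name reported in the ServerHello, or the server's configured cipher list, before starting a capture session.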