[Serusers] Remote Access for SIP trace

Greger V. Teigre greger at teigre.com
Thu Nov 24 10:14:03 CET 2005 

> I use ngrep to create my traces, and then analyse the trace in ethereal. 
> The latest version has a great analyse function which shows all the sip 
> calls, and then you can create flow graphs for one or multiple calls. 
> It's a great way to look at complex traces...

Hey! That's great; I didn't know about the new functionality. Thanks for 
telling us!
g-)

> The commands I use are:
> ngrep -d any -W byline -O /tmp/trace.log port 5060
> This will output all packets to and from SER on the screen in a nice easy 
> to see format, and will also create a pcap compatible trace file in /tmp, 
> which I then use ethereal to look at.
> A nice feature of ngrep is that you can filter the traces by anything e.g. 
> by putting the username before port 5060 you will capture only packets 
> that refer to that user.
> I don't think that it's such a great idea to log all the packets all the 
> time, but suggest that the GUI could run ngrep to trace calls for a 
> specific username when the support staff require.
> Noel
>
>
> Greger V. Teigre wrote:
>
>> I know another approach has been to:
>> a) Run tcpdump continously (or when tracing is required) and dump to a 
>> file
>> b) Use sip_analyze to generate the SIP trace in HTML and make it 
>> available
>> c) Make an HTML interface to sip_analyze where various filters could be 
>> set
>>
>> This way a simple html form can be used to create a trace.  The drawback 
>> is the tcpdump file, but you could use rotatelogs and clean up old dumps 
>> in cron.
>>
>> This is one of the things that many people would like (or would benefit 
>> from) and I'm working on a debugging "framework" for the onsip.org 
>> Getting Started configs and such a setup would be useful. I would be 
>> interested to hear from anyone who have a working setup and who would 
>> like to contribute their code to open source.
>> g-)
>>
>> ----- Original Message ----- From: "Steve Blair" <blairs at isc.upenn.edu>
>> To: "Rodrigo P. Telles" <telles at devel.it>
>> Cc: <serusers at lists.iptel.org>
>> Sent: Tuesday, November 22, 2005 10:02 PM
>> Subject: Re: [Serusers] Remote Access for SIP trace
>>
>>
>>>
>>>
>>> Rodrigo P. Telles wrote:
>>>
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>>
>>>> Hi Folks,
>>>>
>>>> I'm using SER in a carrier grade mode and I need to create an interface 
>>>> (GUI) to
>>>> our support team run SIP traces in our SER box.
>>>> I think I have an idea to solve that problem but I don't know if it's 
>>>> the best
>>>> one, follow the idea:
>>>>
>>>> SERVER (SER)
>>>> 1 - Run an application in daemon mode using libpcap to capture traffic 
>>>> on port 5060
>>>> - listening on a TCP port
>>>> - capture traffic all the time
>>>> - push all captured traffic to that TCP port (any one who 
>>>> connect/telnet on
>>>> that port can see the traffic - without authentication by now)
>>>>
>>>>
>>> This is sort of what we did for basic troubleshooting. The difference is 
>>> that we provide a web
>>> interface with three links, 10 second, 30 second and 60 second capture. 
>>> The duration of the
>>> capture is then passed to a cgi script that runs ethereal and displays 
>>> the results on the web
>>> page. You could probably improve upon this by adding address filtering 
>>> options to the web
>>> interface.
>>>
>>>> CLIENT (GUI)
>>>> 2 - Developed using JAVA || PHP-GTK || C++ || ....
>>>> - Connect to remote port to listen the traffic
>>>> - Can filter what do you want to see (show only filtered traffic or 
>>>> all)
>>>> - Colorized matches
>>>> - Can save the result of your dump/filter to a file
>>>> - etc
>>>>
>>>>
>>> The web interface I described allows us to avoid writing anything other 
>>> than some php and
>>> perl but a java interface would do too.
>>>
>>>> So I did a concept proof...
>>>>
>>>> 1 - Wrote a simple server program using Perl who run ngrep in SER box 
>>>> and push
>>>> the captured traffic through it's listening TCP port;
>>>> 2 - Wrote a simple client program using Perl who connect to a remote 
>>>> port and
>>>> filter what you want to see or all the traffic;
>>>>
>>>> ..and works like
>>>
>>> I'd probably do away with the client just because I don't like 
>>> distributing software to
>>> clients but that's me :-)
>>>
>>>> a charm :-)
>>>>
>>>> I'd like to hear opnions from SER members about the idea.
>>>>
>>>> Best regards,
>>>> - --
>>>> ============================================
>>>> Rodrigo P. Telles <telles at devel.it>
>>>> IT Manager
>>>> Devel-IT - http://www.devel.it
>>>> IVOZ # 1029
>>>> +55 14 3324-1200
>>>> Bestcom Group
>>>> ============================================
>>>> -----BEGIN PGP SIGNATURE-----
>>>> Version: GnuPG v1.2.4 (GNU/Linux)
>>>> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>>>>
>>>> iD8DBQFDg3BWiLK8unYgEMQRAiqlAJ97fGI6OMAJvXzki77J9a5WS+KXpACeMX98
>>>> TpmB5w1kvF7xkTc1XC3o+7Y=
>>>> =fkKs
>>>> -----END PGP SIGNATURE-----
>>>>
>>>> _______________________________________________
>>>> Serusers mailing list
>>>> serusers at lists.iptel.org
>>>> http://lists.iptel.org/mailman/listinfo/serusers
>>>>
>>>
>>> _______________________________________________
>>> Serusers mailing list
>>> serusers at lists.iptel.org
>>> http://lists.iptel.org/mailman/listinfo/serusers
>>>
>>>
>>
>> _______________________________________________
>> Serusers mailing list
>> serusers at lists.iptel.org
>> http://lists.iptel.org/mailman/listinfo/serusers
>>
>>
>

More information about the sr-users mailing list