[Serusers] Remote Access for SIP trace

Greger V. Teigre greger at teigre.com
Fri Nov 25 07:48:39 CET 2005


> What is tcp_analyze?

It was sip_scenario I was thinking about. Just a memory glitch...  I 
corrected that in a new post.

> On a side-note: there is no easy TCP filtering expression as both sides
> of TCP connections may use ephemeral ports.

Thanks, I wasn't aware of that. I just assumed that the port was specified 
explicitly.
g-)

> -jiri
>
> At 08:04 AM 11/23/2005, Greger V. Teigre wrote:
>>I know another approach has been to:
>>a) Run tcpdump continuously (or when tracing is required) and dump to a 
>>file
>>b) Use sip_analyze to generate the SIP trace in HTML and make it available
>>c) Make an HTML interface to sip_analyze where various filters could be 
>>set
>>
>>This way a simple html form can be used to create a trace.  The drawback 
>>is the tcpdump file, but you could use rotatelogs and clean up old dumps 
>>in cron.
>>
>>This is one of the things that many people would like (or would benefit 
>>from) and I'm working on a debugging "framework" for the onsip.org Getting 
>>Started configs and such a setup would be useful. I would be interested to 
>>hear from anyone who has a working setup and who would like to contribute 
>>their code to open source.
>>g-)
>>
>>----- Original Message -----
>>From: "Steve Blair" <blairs at isc.upenn.edu>
>>To: "Rodrigo P. Telles" <telles at devel.it>
>>Cc: <serusers at lists.iptel.org>
>>Sent: Tuesday, November 22, 2005 10:02 PM
>>Subject: Re: [Serusers] Remote Access for SIP trace
>>
>>
>>>
>>>
>>>Rodrigo P. Telles wrote:
>>>
>>>>-----BEGIN PGP SIGNED MESSAGE-----
>>>>Hash: SHA1
>>>>
>>>>Hi Folks,
>>>>
>>>>I'm using SER in a carrier grade mode and I need to create an interface 
>>>>(GUI) for
>>>>our support team to run SIP traces in our SER box.
>>>>I think I have an idea to solve that problem but I don't know if it's 
>>>>the best
>>>>one. The idea follows:
>>>>
>>>>SERVER (SER)
>>>>1 - Run an application in daemon mode using libpcap to capture traffic 
>>>>on port 5060
>>>>- listening on a TCP port
>>>>- capture traffic all the time
>>>>- push all captured traffic to that TCP port (anyone who connects/telnets 
>>>>to
>>>>that port can see the traffic - without authentication for now)
>>>>
>>>This is sort of what we did for basic troubleshooting. The difference is 
>>>that we provide a web
>>>interface with three links, 10 second, 30 second and 60 second capture. 
>>>The duration of the
>>>capture is then passed to a cgi script that runs ethereal and displays 
>>>the results on the web
>>>page. You could probably improve upon this by adding address filtering 
>>>options to the web
>>>interface.
>>>
>>>>CLIENT (GUI)
>>>>2 - Developed using JAVA || PHP-GTK || C++ || ....
>>>>- Connect to the remote port to listen to the traffic
>>>>- Can filter what you want to see (show only filtered traffic or all)
>>>>- Colorized matches
>>>>- Can save the result of your dump/filter to a file
>>>>- etc
>>>>
>>>The web interface I described allows us to avoid writing anything other 
>>>than some php and
>>>perl but a java interface would do too.
>>>
>>>>So I did a concept proof...
>>>>
>>>>1 - Wrote a simple server program in Perl that runs ngrep on the SER box 
>>>>and pushes
>>>>the captured traffic through its listening TCP port;
>>>>2 - Wrote a simple client program in Perl that connects to a remote 
>>>>port and
>>>>filters what you want to see or shows all the traffic;
>>>>
>>>>..and works like
>>>I'd probably do away with the client just because I don't like 
>>>distributing software to
>>>clients but that's me :-)
>>>
>>>>a charm :-)
>>>>
>>>>I'd like to hear opinions from SER members about the idea.
>>>>
>>>>Best regards,
>>>>- --
>>>>============================================
>>>>Rodrigo P. Telles <telles at devel.it>
>>>>IT Manager
>>>>Devel-IT - http://www.devel.it
>>>>IVOZ # 1029
>>>>+55 14 3324-1200
>>>>Bestcom Group
>>>>============================================
>>>>-----BEGIN PGP SIGNATURE-----
>>>>Version: GnuPG v1.2.4 (GNU/Linux)
>>>>Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>>>>
>>>>iD8DBQFDg3BWiLK8unYgEMQRAiqlAJ97fGI6OMAJvXzki77J9a5WS+KXpACeMX98
>>>>TpmB5w1kvF7xkTc1XC3o+7Y=
>>>>=fkKs
>>>>-----END PGP SIGNATURE-----
>>>>
>>>>_______________________________________________
>>>>Serusers mailing list
>>>>serusers at lists.iptel.org
>>>>http://lists.iptel.org/mailman/listinfo/serusers
>>>
>>>
>>
>
> --
> Jiri Kuthan            http://iptel.org/~jiri/
> 
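
The web-triggered capture discussed in this thread (fixed 10/30/60 second durations, plus the suggested address filter) takes request parameters and turns them into a packet-capture command. The following is an added example, not code from any poster in the thread: it validates both parameters against an allowlist and builds an argv list that never passes through a shell. The interface name, output path and use of `timeout` with `tcpdump` are assumptions.

```python
import ipaddress
import subprocess

ALLOWED_DURATIONS = {10, 30, 60}      # the three links described in the thread
SIP_PORT = 5060
CAPTURE_IFACE = "any"                 # assumption: fixed server-side, never from the request
CAPTURE_FILE = "/tmp/sip-trace.pcap"  # assumption: hypothetical output path


def build_capture_argv(duration, host=None):
    """Return argv for a time-bounded SIP capture; raise ValueError on bad input."""
    try:
        seconds = int(str(duration), 10)
    except ValueError:
        raise ValueError("duration must be an integer")
    if seconds not in ALLOWED_DURATIONS:
        raise ValueError("duration not in allowlist")

    # Port filter only: as noted in the thread, TCP connections may use
    # ephemeral ports on both sides, so this is not a complete TCP filter.
    expr = "port %d" % SIP_PORT
    if host:
        addr = ipaddress.ip_address(host.strip())  # ValueError if not an IP literal
        # Newer Python versions accept an IPv6 zone id ("fe80::1%eth0") with
        # nearly arbitrary text after '%', which would leak into the filter.
        if getattr(addr, "scope_id", None):
            raise ValueError("IPv6 zone ids are not accepted")
        expr += " and host %s" % addr  # re-serialised, not the raw request string

    return ["timeout", str(seconds), "tcpdump", "-n", "-s", "0",
            "-i", CAPTURE_IFACE, "-w", CAPTURE_FILE, expr]


def run_capture(duration, host=None):
    """Run the capture with an argv list (no shell); needs capture privileges."""
    return subprocess.run(build_capture_argv(duration, host), check=False).returncode
```
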



