[SR-Users] Kamailio to capture mirrored traffic

Sat Oct 26 21:19:18 CEST 2019

Just use heplify or captagent for this:
https://github.com/sipcapture/heplify

https://github.com/sipcapture/captagent
You can run them on the same machines where you're running your sip
services and send the captured traffic to a homer instance.

Cheers,

Federico

On Sat, 26 Oct 2019, 20:40 Igor Olhovskiy, <igorolhovskiy at gmail.com> wrote:

> I'm trying to avoid SIP packet touching at all. Plus, I can't move
> third-party soft to other port/interface or so.
>
> Idea is I don't want for Kamailio to be a proxy, but a sip packet analyzer
> for mirrored port, but on same machine.
>
> On Oct 26 2019, at 6:40 pm, David Villasmil <
> david.villasmil.work at gmail.com> wrote:
>
> Why not just receiving with kamailio and transparently proxying to the pbx
> after capturing? I.e.: kamailio in the middle
>
> On Sat, 26 Oct 2019 at 14:46, Igor Olhovskiy <igorolhovskiy at gmail.com>
> wrote:
>
> Hi!
>
> I'm trying to get Kamailio working as a traffic capture on a same machine
> with other PBX software installed.
>
> Actually, traffic is mirrored with
>
> iptables -A PREROUTING -t mangle -i eth0 -p udp --dport 5060 -j TEE
> --gateway 127.0.0.2
> <https://link.getmailspring.com/link/AB5F9D36-533D-4A52-ADE3-FB76B813163C@getmailspring.com/0?redirect=127.0.0.2&recipient=c3ItdXNlcnNAbGlzdHMua2FtYWlsaW8ub3Jn>
> iptables -t nat -A PREROUTING -d 127.0.0.2 -p udp --dport 5060 -j DNAT
> --to 127.0.0.1:5062
> <https://link.getmailspring.com/link/AB5F9D36-533D-4A52-ADE3-FB76B813163C@getmailspring.com/1?redirect=127.0.0.1%3A5062&recipient=c3ItdXNlcnNAbGlzdHMua2FtYWlsaW8ub3Jn>
>
> Kamailio request route is super simple
> request_route {
>     xlog("L_ALERT", "[SIP-PACKET] Got packet [F=$fu R=$ru D=$du M=$rm
> IP=($si:$sp $Ri:$Rp) ID=$ci]\n");
>     drop;
> }
>
> I was trying to get Kamailio just listen on interface 127.0.0.1:5062, but
> no luck
>
> listen=udp:127.0.0.1:5062
>
> Next was to use sipcapture module with following parameters
>
> loadmodule "sipcapture.so"
> modparam("sipcapture", "db_url", "text:///tmp/")
> modparam("sipcapture", "raw_socket_listen", "127.0.0.1:5060-5062")
> modparam("sipcapture", "raw_interface", "lo")
> modparam("sipcapture", "promiscious_on", 1)
>
> Also no luck. Means Kamailio can't see packets, but I see em with
> wireshark on lo interface.
>
> What is best way to get it working? Or I'm missing something?
>
> Thanks!
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
> --
> Regards,
>
> David Villasmil
> email: david.villasmil.work at gmail.com
> <https://link.getmailspring.com/link/440604DA-8F73-4D71-9038-78658920F906@getmailspring.com/0?redirect=mailto%3Adavid.villasmil.work%40gmail.com&recipient=c3ItdXNlcnNAbGlzdHMua2FtYWlsaW8ub3Jn>
> phone: +34669448337
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20191026/30e3bf1b/attachment.html>