[SR-Users] Kamailio to capture mirrored traffic

Sun Oct 27 09:16:01 CET 2019

So, at the end it would be like
Heplify captures traffic and sending it to localhost, where Kamailio listens.
Thanks, will give it a try.

Regards, Igor
On 26 Oct 2019, 21:21 +0200, Federico Cabiddu <federico.cabiddu at gmail.com>, wrote:
> Just use heplify or captagent for this:
> https://github.com/sipcapture/heplify
>
> https://github.com/sipcapture/captagent
> You can run them on the same machines where you're running your sip services and send the captured traffic to a homer instance.
>
> Cheers,
>
> Federico
>
> > On Sat, 26 Oct 2019, 20:40 Igor Olhovskiy, <igorolhovskiy at gmail.com> wrote:
> > > I'm trying to avoid SIP packet touching at all. Plus, I can't move third-party soft to other port/interface or so.
> > >
> > > Idea is I don't want for Kamailio to be a proxy, but a sip packet analyzer for mirrored port, but on same machine.
> > >
> > > On Oct 26 2019, at 6:40 pm, David Villasmil <david.villasmil.work at gmail.com> wrote:
> > > > Why not just receiving with kamailio and transparently proxying to the pbx after capturing? I.e.: kamailio in the middle
> > > >
> > > > > On Sat, 26 Oct 2019 at 14:46, Igor Olhovskiy <igorolhovskiy at gmail.com> wrote:
> > > > > > Hi!
> > > > > >
> > > > > > I'm trying to get Kamailio working as a traffic capture on a same machine with other PBX software installed.
> > > > > >
> > > > > > Actually, traffic is mirrored with
> > > > > >
> > > > > > iptables -A PREROUTING -t mangle -i eth0 -p udp --dport 5060 -j TEE --gateway 127.0.0.2
> > > > > > iptables -t nat -A PREROUTING -d 127.0.0.2 -p udp --dport 5060 -j DNAT --to 127.0.0.1:5062
> > > > > >
> > > > > > Kamailio request route is super simple
> > > > > > request_route {
> > > > > >     xlog("L_ALERT", "[SIP-PACKET] Got packet [F=$fu R=$ru D=$du M=$rm IP=($si:$sp $Ri:$Rp) ID=$ci]\n");
> > > > > >     drop;
> > > > > > }
> > > > > >
> > > > > > I was trying to get Kamailio just listen on interface 127.0.0.1:5062, but no luck
> > > > > >
> > > > > > listen=udp:127.0.0.1:5062
> > > > > >
> > > > > > Next was to use sipcapture module with following parameters
> > > > > >
> > > > > > loadmodule "sipcapture.so"
> > > > > > modparam("sipcapture", "db_url", "text:///tmp/")
> > > > > > modparam("sipcapture", "raw_socket_listen", "127.0.0.1:5060-5062")
> > > > > > modparam("sipcapture", "raw_interface", "lo")
> > > > > > modparam("sipcapture", "promiscious_on", 1)
> > > > > >
> > > > > > Also no luck. Means Kamailio can't see packets, but I see em with wireshark on lo interface.
> > > > > >
> > > > > > What is best way to get it working? Or I'm missing something?
> > > > > >
> > > > > > Thanks!
> > > > > > _______________________________________________
> > > > > > Kamailio (SER) - Users Mailing List
> > > > > > sr-users at lists.kamailio.org
> > > > > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> > > > --
> > > > Regards,
> > > >
> > > > David Villasmil
> > > > email: david.villasmil.work at gmail.com
> > > > phone: +34669448337
> > > > _______________________________________________
> > > > Kamailio (SER) - Users Mailing List
> > > > sr-users at lists.kamailio.org
> > > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> > > _______________________________________________
> > > Kamailio (SER) - Users Mailing List
> > > sr-users at lists.kamailio.org
> > > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20191027/f285faa4/attachment.html>