[SR-Users] Kamailio to capture mirrored traffic

Daniel-Constantin Mierla miconda at gmail.com
Mon Oct 28 08:20:03 CET 2019


Hello,

network sniffers (such as wireshark, ngrep, tcpdump, sngrep, ...)
capture the traffic at network interface layer (well, using some kernel
hooks), before getting to application layer (even before the firewall)
and I expect it is the same for heplify. They do not "receive" the packets
like an application that does "listen", just take a copy of the traffic
via those kernel hooks and then the packets are sent to the application
layer. In other words, heplify doesn't receive the SIP traffic and then
resends it locally, just gets a copy of the traffic.

Cheers,
Daniel

On 27.10.19 09:16, Igor Olhovskiy wrote:
> So, at the end it would be like
> Heplify captures traffic and sends it to localhost, where Kamailio
> listens.
> Thanks, will give it a try.
>
> Regards, Igor
> On 26 Oct 2019, 21:21 +0200, Federico Cabiddu
> <federico.cabiddu at gmail.com>, wrote:
>> Just use heplify or captagent for this:
>> https://github.com/sipcapture/heplify
>>
>> https://github.com/sipcapture/captagent
>> You can run them on the same machines where you're running your sip
>> services and send the captured traffic to a homer instance. 
>>
>> Cheers, 
>>
>> Federico 
>>
>> On Sat, 26 Oct 2019, 20:40 Igor Olhovskiy, <igorolhovskiy at gmail.com> wrote:
>>
>>     I'm trying to avoid SIP packet touching at all. Plus, I can't
>>     move third-party soft to other port/interface or so.
>>
>>     Idea is I don't want for Kamailio to be a proxy, but a sip packet
>>     analyzer for mirrored port, but on same machine.
>>
>>     On Oct 26 2019, at 6:40 pm, David Villasmil
>>     <david.villasmil.work at gmail.com> wrote:
>>
>>         Why not just receiving with kamailio and transparently
>>         proxying to the pbx after capturing? I.e.: kamailio in the middle
>>
>>         On Sat, 26 Oct 2019 at 14:46, Igor Olhovskiy
>>         <igorolhovskiy at gmail.com> wrote:
>>
>>             Hi!
>>
>>             I'm trying to get Kamailio working as a traffic capture
>>             on the same machine with other PBX software installed.
>>
>>             Actually, traffic is mirrored with
>>
>>             iptables -A PREROUTING -t mangle -i eth0 -p udp --dport 5060 -j TEE --gateway 127.0.0.2
>>             iptables -t nat -A PREROUTING -d 127.0.0.2 -p udp --dport 5060 -j DNAT --to 127.0.0.1:5062
>>
>>             Kamailio request route is super simple
>>             request_route {
>>                 xlog("L_ALERT", "[SIP-PACKET] Got packet [F=$fu R=$ru D=$du M=$rm IP=($si:$sp $Ri:$Rp) ID=$ci]\n");
>>                 drop;
>>             }
>>
>>             I was trying to get Kamailio to just listen on interface
>>             127.0.0.1:5062, but no luck
>>
>>             listen=udp:127.0.0.1:5062
>>
>>             Next was to use sipcapture module with following parameters
>>
>>             loadmodule "sipcapture.so"
>>             modparam("sipcapture", "db_url", "text:///tmp/")
>>             modparam("sipcapture", "raw_socket_listen", "127.0.0.1:5060-5062")
>>             modparam("sipcapture", "raw_interface", "lo")
>>             modparam("sipcapture", "promiscious_on", 1)
>>
>>             Also no luck. Means Kamailio can't see packets, but I see
>>             em with wireshark on lo interface.
>>
>>             What is best way to get it working? Or I'm missing something?
>>
>>             Thanks!
>>             _______________________________________________
>>             Kamailio (SER) - Users Mailing List
>>             sr-users at lists.kamailio.org
>>             https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
>>         --
>>         Regards,
>>
>>         David Villasmil
>>         email: david.villasmil.work at gmail.com
>>         phone: +34669448337

-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training, Oct 21-23, 2019, Berlin, Germany -- https://asipto.com/u/kat
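
Added example (not part of the original message, and not code from heplify, captagent or Kamailio): a minimal Python sketch of the distinction described above. A sniffer reads copies of link-layer frames and decodes them itself, without binding the SIP port the PBX is using. The sample frame, addresses and function names are constructed for illustration; only unfragmented IPv4/UDP SIP requests are handled.

```python
import socket
import struct

# Constructed sample SIP request (not taken from the thread).
SAMPLE_SIP = (b"INVITE sip:bob@example.com SIP/2.0\r\n"
              b"From: <sip:alice@example.com>;tag=1\r\n"
              b"Call-ID: abc123@192.0.2.10\r\n\r\n")

def build_frame(src_ip, sport, dst_ip, dport, payload):
    """Build a constructed Ethernet+IPv4+UDP frame (checksums left at 0)."""
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, 17,
                     0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + udp + payload

def parse_frame(frame, sip_ports=(5060,)):
    """Return SIP request fields from one frame, or None if not SIP over UDP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None                              # too short, not IPv4, or not UDP
    off = 14 + (frame[14] & 0x0F) * 4            # skip Ethernet + IPv4 header
    if len(frame) < off + 8:
        return None
    sport, dport, ulen, _ = struct.unpack("!HHHH", frame[off:off + 8])
    if sport not in sip_ports and dport not in sip_ports:
        return None
    text = frame[off + 8:off + ulen].decode("utf-8", "replace")
    lines = text.split("\r\n\r\n", 1)[0].split("\r\n")
    first = lines[0].split(" ")
    if first[0].startswith("SIP/"):
        return None                              # a response; requests only here
    hdrs = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        hdrs.setdefault(name.strip().lower(), value.strip())
    return {"method": first[0], "ruri": first[1] if len(first) > 1 else "",
            "from": hdrs.get("from", ""), "call_id": hdrs.get("call-id", ""),
            "src": "%s:%d" % (socket.inet_ntoa(frame[26:30]), sport),
            "dst": "%s:%d" % (socket.inet_ntoa(frame[30:34]), dport)}

def sniff(iface="eth0"):
    """Linux, needs CAP_NET_RAW: reads frame copies and binds no UDP port."""
    s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003))
    s.bind((iface, 0))
    while True:
        rec = parse_frame(s.recv(65535))
        if rec:
            print(rec)
```

The returned fields correspond to the method, request URI, From, Call-ID and address values that the xlog line in the quoted config was meant to print.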
