[SR-Users] sngrep TLS connection

me.projects at yahoo.com me.projects at yahoo.com
Tue Dec 8 11:37:27 CET 2020


 There are two options
1- use SIPDUMP module to dup all SIP packets in Log file (SIPDUMP Module)

2- use SIPTRACE module and broadcast SIP traffic from kamailio to any local port and then capture through sngrep -p BROADCAST_PORT (SipTrace Module)

loadmodule "siptrace.so"
# check IP and port of your capture node
modparam("siptrace", "duplicate_uri", "sip:127.0.0.1:9060")
modparam("siptrace", "hep_mode_on", 0)
modparam("siptrace", "trace_to_database", 0)
modparam("siptrace", "trace_flag", 22)
modparam("siptrace", "trace_on", 1)
# modparam("siptrace", "hep_version", 3)
modparam("siptrace", "xheaders_write", 1)
during code use setflag(22); sip_trace();
This will broadcast SIP packets to local 9060 port and you can capture that through sngrep.
I hope it will help.





    On Tuesday, December 8, 2020, 01:08:44 PM GMT+5, Daniel-Constantin Mierla <miconda at gmail.com> wrote:  
 
  
Hello,
 
there were some limitations in sngrep for capturing tls traffic:
 
  * https://github.com/irontec/sngrep/issues/112
 
Not sure if there was any work afterwards to improve. The best place to ask is on the sngrep project.
 
 
Anyhow, I want to add that if you use Kamailio, then you can load sipdump module and get the traffic stored in pcap files -- it requires master branch:
 
  * https://www.kamailio.org/docs/modules/devel/modules/sipdump.html#sipdump.p.mode
 
For stable branches, sipdump can store the traffic in text files.
 
Cheers,
 Daniel
 
 On 08.12.20 08:37, Yuriy Gorlichenko wrote:
  
 
As I remember, sngrep doesn't work with TLS 1.3, so maybe it is your case.
  On Tue, 8 Dec 2020, 08:01 Agiftel, <agiftel at gmail.com> wrote:
  
Hi all, was anyone able to use sngrep (with -k option) to decrypt TLS
 connections?
 I'm doing what help says; used private key is the correct one; but no
 traffic is seen on sngrep.
 If I use a non-encrypted call I can see everything, so sngrep is working good.
 
 Any hint?
 
 regards
 
 
 
 
 --
 Sent from: http://sip-router.1086192.n5.nabble.com/Users-f3.html
 
 _______________________________________________
 Kamailio (SER) - Users Mailing List
 sr-users at lists.kamailio.org
 https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
 
  
-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Funding: https://www.paypal.me/dcmierla
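
An added example, not part of the thread and not Kamailio or sngrep code: a small Python receiver for the messages the siptrace configuration above duplicates to 127.0.0.1:9060, for checking the mirror independently of sngrep. It assumes plain SIP over UDP (hep_mode_on 0) and that xheaders_write adds X-Siptrace-Fromip, -Toip, -Time, -Method and -Dir headers in the formats shown; the sample datagram is constructed.

```python
import ipaddress
import socket

# Constructed sample of one mirrored datagram (not captured traffic).
SAMPLE = (
    b"OPTIONS sip:kamailio.example.org SIP/2.0\r\n"
    b"Via: SIP/2.0/TLS 203.0.113.10:5061;branch=z9hG4bK776asdhds\r\n"
    b"Call-ID: a84b4c76e66710\r\n"
    b"X-Siptrace-Fromip: tls:203.0.113.10:5061\r\n"
    b"X-Siptrace-Toip: tls:198.51.100.5:5061\r\n"
    b"X-Siptrace-Time: 1607423847 250000\r\n"
    b"X-Siptrace-Method: OPTIONS\r\n"
    b"X-Siptrace-Dir: in\r\n"
    b"Content-Length: 0\r\n\r\n"
)

def parse_mirrored(datagram):
    """Return start line, Call-ID and the X-Siptrace-* metadata of one message."""
    head = datagram.split(b"\r\n\r\n", 1)[0].decode("utf-8", "replace")
    lines = head.split("\r\n")
    info = {"start_line": lines[0], "call_id": None, "trace": {}}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            continue  # folded or malformed header line: skip it
        name, value = name.strip().lower(), value.strip()
        if name in ("call-id", "i"):  # "i" is the compact form of Call-ID
            info["call_id"] = value
        elif name.startswith("x-siptrace-"):
            info["trace"][name[len("x-siptrace-"):]] = value
    if "time" in info["trace"]:  # assumed format: "<seconds> <microseconds>"
        sec, _, usec = info["trace"]["time"].partition(" ")
        info["trace"]["time"] = int(sec) + int(usec or 0) / 1e6
    return info

def listen(host="127.0.0.1", port=9060):
    """Print one summary line per mirrored message; loopback addresses only."""
    if not ipaddress.ip_address(host).is_loopback:
        raise ValueError("mirrored SIP is cleartext; bind to loopback only")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        while True:
            data, _ = sock.recvfrom(65535)
            m, t = parse_mirrored(data), parse_mirrored(data)["trace"]
            print(t.get("dir"), t.get("fromip"), "->", t.get("toip"), m["call_id"], m["start_line"])

if __name__ == "__main__":
    listen()
```

The loopback check matters because the duplicated copies of TLS calls are unencrypted once Kamailio has processed them.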
  