[SR-Users] sngrep nor tcpdump showing 5060 traffic but ngrep /kama logs show something ? (outbound call)

Daniel-Constantin Mierla miconda at gmail.com
Fri Sep 11 07:38:28 CEST 2020 

Hello,

wss is not usually on port 5060, it can be on port 5061 (if you haven't
configured another tls socket specially for wss traffic). Anyhow, wss
traffic is encrypted, so sngrep will not match it as sip traffic.

If you want to see locally the wss sip traffic, load sipdump module, it
will write in text files (the version in master can save the traffic in
pcap files as well, although it will appear as being udp traffic,
because it was simpler to build the pcap headers, however you can sport
from the headers/ports what was the trasport layer, or enable to add the
extra meta-data sip header).

If you already have homer, then you should see the wss encrypted traffic
there.

Cheers,
Daniel

On 11.09.20 01:41, Johnny Ritzer wrote:
>
> Hmmmm seeing that port 127.0.0.1….9060  looks like to capture and
> forward  to homer (I know I installed it at one time to try to some
> triage).
>
>  
>
> Maybe homer built for additional checks.
> I just disabled the module hosting that port and I no longer see it in
> ngrep.  
>
>
>  my path  issue is  wss://  webrtc over to  uac.reg and FW it  off 
> to  PBX. So ill try  and  figure out where  in kama.cfg to hopefully
> get  it to fw to pbx  and make call.
>
>  
>
>  
>
> *From: *Johnny Ritzer <sudoritz at gmail.com>
> *Date: *Thursday, September 10, 2020 at 4:32 PM
> *To: *Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org>
> *Subject: *Re: [SR-Users] sngrep nor tcpdump showing 5060 traffic but
> ngrep /kama logs show something ? (outbound call)
>
> Ya I have other  scenarios  that show  up  like  inbound call.
>
>  
>
> So I did this (made a test call)  and saved output ngrep to pcap.
>
>  
>
> And open in wireshark  and I see it as protocol  UDP  with SIP
> enclosed  in data
>
> ngrep -d any -qt -W byline port 5060 -O test.pcap
>
>  
>
> heres ngrep
>
>  2020/09/10 23:19:51.109093 10.111.0.4:5060 -> 127.0.0.1:9060 #1
>
> .......[F...
>
> ...INVITE sip:8000 at 24.xx.xx.xx SIP/2.0.
>
> Via: SIP/2.0/WSS 4d8asfsdfag3f.invalid;branch=z9hG4bK2797686.
>
> Max-Forwards: 70.
>
> To: <sip:8000 at 24.xx.xx.xx>.
>
> From: "Ctx-WEBSIP-1138" <sip:1138 at 24.xx.xx.xx>;tag=jd85ifa0f2.
>
> Call-ID: 9pujji6vasdfasfrbn2.
>
> CSeq: 906 INVITE.
>
> Contact: <sip:1138 at 24.xx.xx.xx;gr=urn:uuid:121211-a79d-4e76-a010-121211>.
>
> Allow: ACK,CANCEL,INVITE,MESSAGE,BYE,OPTIONS,INFO,NOTIFY,REFER.
>
> Supported: gruu, outbound.
>
> User-Agent: SIP.js/0.7.8.
>
> Content-Type: application/sdp.
>
> Content-Length: 2047.
>
>  
>
>  
>
> *From: *sr-users <sr-users-bounces at lists.kamailio.org>
> *Date: *Thursday, September 10, 2020 at 4:19 PM
> *To: *Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org>
> *Subject: *Re: [SR-Users] sngrep nor tcpdump showing 5060 traffic but
> ngrep /kama logs show something ? (outbound call)
>
> You sure you’re using 5060 on kamailio?
>
>  
>
> On Fri, 11 Sep 2020 at 00:04, Johnny Ritzer <sudoritz at gmail.com
> <mailto:sudoritz at gmail.com>> wrote:
>
>
>
>
>
>
>
>
>
>
>
>
>
>      
>
>      
>
>     No…  or not that I know of
>
>      
>
>      
>
>      
>
>     This is a  temp GCP (as im building a POC to get this to a working
>     concept.) trying to fine-tune config
>
>      
>
>      
>
>      
>
>      
>
>     *From:
>
>     *sr-users <sr-users-bounces at lists.kamailio.org
>     <mailto:sr-users-bounces at lists.kamailio.org>>
>
>
>     *Date: *Thursday, September 10, 2020 at 3:33 PM
>
>
>     *To: *Kamailio (SER) - Users Mailing List
>     <sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>>
>
>
>     *Subject: *Re: [SR-Users] sngrep nor tcpdump showing 5060 traffic
>     but ngrep /kama logs show something ? (outbound call)
>
>      
>
>      
>
>      
>
>     Are you using vlans? In the past I had issues with ngrep if the
>     packets had vlan tags on them.
>
>      
>
>      
>
>      
>
>      
>
>      
>
>      
>
>      
>
>      
>
>      
>
>      
>
>     On Thu, Sep 10, 2020 at 6:10 PM Johnny Ritzer <sudoritz at gmail.com
>     <mailto:sudoritz at gmail.com>> wrote:
>
>      
>
>      
>
>          
>
>          
>
>          
>
>         I can see kama logs./ngrep when I try to call out (WSS -> ) .
>         But I cant see anything in sngrep nor tcpdump.
>
>          
>
>
>
>
>         “ngrep -d any -qt -W byline port 5060”
>
>          
>
>          
>
>          
>
>         Im not sure how/why or  it could be something simple but what
>         puzzles me is I know im sending data but its not captured.
>
>          
>
>         Setup is pbx at 24.xx.xx.xx but ext is uac.reg to stay connected.
>
>          
>
>         UA client  = sip.js / wss
>
>
>         Inbound works(but  1 way  audio ill fix after outbound issue)
>
>          
>
>         Outbound doesn’t dial out  (UA = webRTC client) using wss.
>         Which led  me to troubleshoot  via  sngrep/tcpdump.
>
>          
>
>          
>
>          
>
>         But I seet his when  it happens knowing I ame getting 
>         something  sent.
>
>          
>
>         Sep 10 21:48:36 kamaProx /usr/sbin/kamailio[27480]: WARNING:
>         <script>: ----RouteLogic--SIP request received on port 4443:
>         from:1138 to:8040  srcip:70.xx.xx.xx
>
>          
>
>         Sep 10 21:48:36 kamaProx /usr/sbin/kamailio[27480]: INFO:
>         <script>: START: INVITE from sip:1138 at 24.xx.xx.xx (IP:
>         70.xx.xx.xx:55041)
>
>          
>
>         Sep 10 21:48:36 kamaProx /usr/sbin/kamailio[27480]: WARNING:
>         <script>: ----RouteLogic--SIP request received on port 4443:
>         from:1138 to:8040  srcip:70.xx.xx.xx
>
>          
>
>         Sep 10 21:48:36 kamaProx /usr/sbin/kamailio[27480]: INFO:
>         <script>: START: ACK from sip:1138 at 24.xx.xx.xx (IP:
>         70.xx.xx.xx:55041)
>
>          
>
>          
>
>          
>
>         _______________________________________________
>
>
>         Kamailio (SER) - Users Mailing List
>
>
>         sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>
>
>
>         https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
>          
>
>      
>
>      
>
>      
>
>
>
>
>
>     _______________________________________________
>
>     Kamailio (SER) - Users Mailing List
>
>     sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>
>
>     https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
> -- 
>
> Regards,
>
>  
>
> David Villasmil
>
> email: david.villasmil.work at gmail.com
> <mailto:david.villasmil.work at gmail.com>
>
> phone: +34669448337
>
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Funding: https://www.paypal.me/dcmierla

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20200911/5e159608/attachment.htm>

More information about the sr-users mailing list