[Serusers] Remote Access for SIP trace

Noel Sharpe noels at radnetwork.co.uk
Wed Nov 23 09:18:50 CET 2005


Hi

I use ngrep to create my traces, and then analyse the trace in 
ethereal.  The latest version has a great analyse function which shows 
all the sip calls, and then you can create flow graphs for one or 
multiple calls.  It's a great way to look at complex traces...
The commands I use are:
ngrep -d any -W byline -O /tmp/trace.log port 5060
This will output all packets to and from SER on the screen in a nice 
easy to see format, and will also create a pcap compatible trace file in 
/tmp, which I then use ethereal to look at.
A nice feature of ngrep is that you can filter the traces by anything 
e.g. by putting the username before port 5060 you will capture only 
packets that refer to that user.
I don't think that it's such a great idea to log all the packets all the 
time, but suggest that the GUI could run ngrep to trace calls for a 
specific username when the support staff require. 

Noel


Greger V. Teigre wrote:

> I know another approach has been to:
> a) Run tcpdump continuously (or when tracing is required) and dump to a 
> file
> b) Use sip_analyze to generate the SIP trace in HTML and make it 
> available
> c) Make an HTML interface to sip_analyze where various filters could 
> be set
>
> This way a simple html form can be used to create a trace.  The 
> drawback is the tcpdump file, but you could use rotatelogs and clean 
> up old dumps in cron.
>
> This is one of the things that many people would like (or would 
> benefit from) and I'm working on a debugging "framework" for the 
> onsip.org Getting Started configs and such a setup would be useful. I 
> would be interested to hear from anyone who has a working setup and 
> who would like to contribute their code to open source.
> g-)
>
> ----- Original Message ----- From: "Steve Blair" <blairs at isc.upenn.edu>
> To: "Rodrigo P. Telles" <telles at devel.it>
> Cc: <serusers at lists.iptel.org>
> Sent: Tuesday, November 22, 2005 10:02 PM
> Subject: Re: [Serusers] Remote Access for SIP trace
>
>
>>
>>
>> Rodrigo P. Telles wrote:
>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Hi Folks,
>>>
>>> I'm using SER in a carrier grade mode and I need to create an 
>>> interface (GUI) for
>>> our support team to run SIP traces on our SER box.
>>> I think I have an idea to solve that problem but I don't know if 
>>> it's the best
>>> one; the idea follows:
>>>
>>> SERVER (SER)
>>> 1 - Run an application in daemon mode using libpcap to capture 
>>> traffic on port 5060
>>> - listening on a TCP port
>>> - capture traffic all the time
>>> - push all captured traffic to that TCP port (anyone who 
>>> connects/telnets to
>>> that port can see the traffic - without authentication by now)
>>>
>>>
>> This is sort of what we did for basic troubleshooting. The difference 
>> is that we provide a web
>> interface with three links, 10 second, 30 second and 60 second 
>> capture. The duration of the
>> capture is then passed to a cgi script that runs ethereal and 
>> displays the results on the web
>> page. You could probably improve upon this by adding address 
>> filtering options to the web
>> interface.
>>
>>> CLIENT (GUI)
>>> 2 - Developed using JAVA || PHP-GTK || C++ || ....
>>> - Connect to remote port to listen to the traffic
>>> - Can filter what you want to see (show only filtered traffic or 
>>> all)
>>> - Colorized matches
>>> - Can save the result of your dump/filter to a file
>>> - etc
>>>
>>>
>> The web interface I described allows us to avoid writing anything 
>> other than some php and
>> perl but a java interface would do too.
>>
>>> So I did a proof of concept...
>>>
>>> 1 - Wrote a simple server program using Perl that runs ngrep on the SER 
>>> box and pushes
>>> the captured traffic through its listening TCP port;
>>> 2 - Wrote a simple client program using Perl that connects to a remote 
>>> port and
>>> filters what you want to see or all the traffic;
>>>
>>> ..and works like
>>
>> I'd probably do away with the client just because I don't like 
>> distributing software to
>> clients but that's me :-)
>>
>>> a charm :-)
>>>
>>> I'd like to hear opinions from SER members about the idea.
>>>
>>> Best regards,
>>> - --
>>> ============================================
>>> Rodrigo P. Telles <telles at devel.it>
>>> IT Manager
>>> Devel-IT - http://www.devel.it
>>> IVOZ # 1029
>>> +55 14 3324-1200
>>> Bestcom Group
>>> ============================================
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG v1.2.4 (GNU/Linux)
>>> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>>>
>>> iD8DBQFDg3BWiLK8unYgEMQRAiqlAJ97fGI6OMAJvXzki77J9a5WS+KXpACeMX98
>>> TpmB5w1kvF7xkTc1XC3o+7Y=
>>> =fkKs
>>> -----END PGP SIGNATURE-----
>>>
>>> _______________________________________________
>>> Serusers mailing list
>>> serusers at lists.iptel.org
>>> http://lists.iptel.org/mailman/listinfo/serusers
>>>
>
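
Added example, not code from anyone in this thread: one way a web front end could start the per-user, time-limited ngrep capture discussed above without passing form input through a shell. The username policy, the trace directory and the function names are assumptions; the ngrep options and the 10/30/60 second choices are the ones given in the messages.

```python
import re
import secrets
import subprocess
from pathlib import Path

ALLOWED_SECONDS = (10, 30, 60)   # the three capture lengths offered in the thread
# Assumed username policy: must start alphanumeric so it can never look like an option.
USERNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")
TRACE_DIR = Path("/var/tmp/siptrace")   # hypothetical directory owned by the tracer


def build_trace_command(username, seconds, trace_id):
    """Return the argv list for one bounded ngrep capture of a single user."""
    if seconds not in ALLOWED_SECONDS:
        raise ValueError("capture length must be one of %r" % (ALLOWED_SECONDS,))
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username outside the allowed character set")
    if not re.fullmatch(r"[0-9a-f]{16}", trace_id):
        raise ValueError("trace_id must be 16 lowercase hex characters")
    # ngrep treats the match expression as a regex; '.' is the only
    # metacharacter the allowed set lets through, so make it literal.
    pattern = username.replace(".", r"\.")
    return [
        "timeout", str(seconds),             # coreutils timeout stops the capture
        "ngrep", "-d", "any", "-W", "byline",
        "-O", str(TRACE_DIR / (trace_id + ".pcap")),
        pattern,                             # match expression
        "port", "5060",                      # BPF filter
    ]


def run_trace(username, seconds):
    """Validate, capture, and return the path of the resulting pcap file."""
    trace_id = secrets.token_hex(8)          # server-chosen file name, never user input
    argv = build_trace_command(username, seconds, trace_id)
    TRACE_DIR.mkdir(mode=0o700, parents=True, exist_ok=True)
    # An argv list with shell=False means form input is never parsed by a shell.
    subprocess.run(argv, shell=False, stdout=subprocess.DEVNULL, check=False)
    return Path(argv[argv.index("-O") + 1])
```

The captured SIP traffic contains credentials-related headers and call metadata, so the front end that calls `run_trace` should sit behind the same authentication as the rest of the support tooling.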



