[Serusers] Remote Access for SIP trace

Jiri Kuthan jiri at iptel.org
Thu Nov 24 18:39:11 CET 2005


What is tcp_analyze?

On a side-note: there is no easy TCP filtering expression as both sides
of TCP connections may use ephemeral ports.

-jiri

At 08:04 AM 11/23/2005, Greger V. Teigre wrote:
>I know another approach has been to:
>a) Run tcpdump continuously (or when tracing is required) and dump to a file
>b) Use sip_analyze to generate the SIP trace in HTML and make it available
>c) Make an HTML interface to sip_analyze where various filters could be set
>
>This way a simple html form can be used to create a trace.  The drawback is the tcpdump file, but you could use rotatelogs and clean up old dumps in cron.
>
>This is one of the things that many people would like (or would benefit from) and I'm working on a debugging "framework" for the onsip.org Getting Started configs and such a setup would be useful. I would be interested to hear from anyone who has a working setup and who would like to contribute their code to open source.
>g-)
>
>----- Original Message ----- From: "Steve Blair" <blairs at isc.upenn.edu>
>To: "Rodrigo P. Telles" <telles at devel.it>
>Cc: <serusers at lists.iptel.org>
>Sent: Tuesday, November 22, 2005 10:02 PM
>Subject: Re: [Serusers] Remote Access for SIP trace
>
>
>>
>>
>>Rodrigo P. Telles wrote:
>>
>>>Hi Folks,
>>>
>>>I'm using SER in a carrier grade mode and I need to create an interface (GUI) for
>>>our support team to run SIP traces on our SER box.
>>>I think I have an idea to solve that problem but I don't know if it's the best
>>>one. The idea follows:
>>>
>>>SERVER (SER)
>>>1 - Run an application in daemon mode using libpcap to capture traffic on port 5060
>>>- listening on a TCP port
>>>- capture traffic all the time
>>>- push all captured traffic to that TCP port (anyone who connects/telnets to
>>>that port can see the traffic - without authentication for now)
>>>
>>This is sort of what we did for basic troubleshooting. The difference is that we provide a web
>>interface with three links, 10 second, 30 second and 60 second capture. The duration of the
>>capture is then passed to a cgi script that runs ethereal and displays the results on the web
>>page. You could probably improve upon this by adding address filtering options to the web
>>interface.
>>
>>>CLIENT (GUI)
>>>2 - Developed using JAVA || PHP-GTK || C++ || ....
>>>- Connect to remote port to listen to the traffic
>>>- Can filter what you want to see (show only filtered traffic or all)
>>>- Colorized matches
>>>- Can save the result of your dump/filter to a file
>>>- etc
>>>
>>The web interface I described allows us to avoid writing anything other than some php and
>>perl but a java interface would do too.
>>
>>>So I did a concept proof...
>>>
>>>1 - Wrote a simple server program using Perl which runs ngrep on the SER box and pushes
>>>the captured traffic through its listening TCP port;
>>>2 - Wrote a simple client program using Perl which connects to a remote port and
>>>filters what you want to see or shows all the traffic;
>>>
>>>..and works like
>>I'd probably do away with the client just because I don't like distributing software to
>>clients but that's me :-)
>>
>>>a charm :-)
>>>
>>>I'd like to hear opinions from SER members about the idea.
>>>
>>>Best regards,
>>>--
>>>============================================
>>>Rodrigo P. Telles <telles at devel.it>
>>>IT Manager
>>>Devel-IT - http://www.devel.it
>>>IVOZ # 1029
>>>+55 14 3324-1200
>>>Bestcom Group
>>>============================================
>>>
>>>_______________________________________________
>>>Serusers mailing list
>>>serusers at lists.iptel.org
>>>http://lists.iptel.org/mailman/listinfo/serusers

--
Jiri Kuthan            http://iptel.org/~jiri/ 
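
The time-limited web capture described in the quoted reply (10, 30 and 60 second links passed to a CGI script, with optional address filtering), as an added example that is not code from this thread. It assumes tshark (the command-line tool of Wireshark, Ethereal's successor) and a hypothetical interface name, and it builds an argument list from validated form input so the values never pass through a shell.

```python
import ipaddress

ALLOWED_DURATIONS = {10, 30, 60}   # the three links mentioned in the thread
SIP_PORT = 5060
INTERFACE = "eth0"                 # assumption: capture interface name


def build_capture_filter(address=None):
    """Return a libpcap capture filter for SIP traffic.

    UDP is matched on port 5060. TCP is only included when an address is
    given, because either end of a TCP connection may use an ephemeral port
    and so cannot be selected by port alone.
    """
    if address is None or address.strip() == "":
        return f"udp port {SIP_PORT}"
    # ip_address() raises ValueError for anything that is not a bare
    # IPv4/IPv6 literal, so filter keywords cannot be smuggled in.
    ip = ipaddress.ip_address(address.strip())
    return f"host {ip} and (udp port {SIP_PORT} or tcp)"


def build_capture_argv(duration, address=None):
    """Validate form input and return an argv list for subprocess.run()."""
    try:
        seconds = int(duration)
    except (TypeError, ValueError):
        raise ValueError("duration must be an integer") from None
    if seconds not in ALLOWED_DURATIONS:
        raise ValueError("duration is not one of the offered values")
    return [
        "tshark", "-n", "-i", INTERFACE,
        "-a", f"duration:{seconds}",          # stop capturing after N seconds
        "-f", build_capture_filter(address),  # capture filter, one argv item
        "-Y", "sip",                          # display only decoded SIP
    ]


if __name__ == "__main__":
    # Constructed sample input, as it might arrive from the web form.
    print(build_capture_argv("30", "192.0.2.10"))
```

The returned list is meant to be passed to `subprocess.run()` without `shell=True`; the CGI front end itself still needs authentication, since the trace exposes call signalling.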



