[Serusers] Remote Access for SIP trace

Klaus Darilion klaus.mailinglists at pernau.at
Fri Nov 25 09:49:50 CET 2005


Jiri Kuthan wrote:
> What is tcp_analyze?
> 
> On a side-note: there is no easy TCP filtering expression as both sides
> of TCP connections may use ephemeral ports.

Yes, but usually at least one socket (the incoming) uses port 5060.

klaus

> 
> -jiri
> 
> At 08:04 AM 11/23/2005, Greger V. Teigre wrote:
> 
>>I know another approach has been to:
>>a) Run tcpdump continuously (or when tracing is required) and dump to a file
>>b) Use sip_analyze to generate the SIP trace in HTML and make it available
>>c) Make an HTML interface to sip_analyze where various filters could be set
>>
>>This way a simple html form can be used to create a trace.  The drawback is the tcpdump file, but you could use rotatelogs and clean up old dumps in cron.
>>
>>This is one of the things that many people would like (or would benefit from) and I'm working on a debugging "framework" for the onsip.org Getting Started configs and such a setup would be useful. I would be interested to hear from anyone who has a working setup and who would like to contribute their code to open source.
>>g-)
>>
>>----- Original Message ----- From: "Steve Blair" <blairs at isc.upenn.edu>
>>To: "Rodrigo P. Telles" <telles at devel.it>
>>Cc: <serusers at lists.iptel.org>
>>Sent: Tuesday, November 22, 2005 10:02 PM
>>Subject: Re: [Serusers] Remote Access for SIP trace
>>
>>
>>
>>>
>>>Rodrigo P. Telles wrote:
>>>
>>>
>>>>-----BEGIN PGP SIGNED MESSAGE-----
>>>>Hash: SHA1
>>>>
>>>>Hi Folks,
>>>>
>>>>I'm using SER in a carrier grade mode and I need to create an interface (GUI) for
>>>>our support team to run SIP traces on our SER box.
>>>>I think I have an idea to solve that problem but I don't know if it's the best
>>>>one. Here is the idea:
>>>>
>>>>SERVER (SER)
>>>>1 - Run an application in daemon mode using libpcap to capture traffic on port 5060
>>>>- listening on a TCP port
>>>>- capture traffic all the time
>>>>- push all captured traffic to that TCP port (anyone who connects/telnets to
>>>>that port can see the traffic - without authentication for now)
>>>>
>>>
>>>This is sort of what we did for basic troubleshooting. The difference is that we provide a web
>>>interface with three links, 10 second, 30 second and 60 second capture. The duration of the
>>>capture is then passed to a cgi script that runs ethereal and displays the results on the web
>>>page. You could probably improve upon this by adding address filtering options to the web
>>>interface.
>>>
>>>
>>>>CLIENT (GUI)
>>>>2 - Developed using JAVA || PHP-GTK || C++ || ....
>>>>- Connect to remote port to listen to the traffic
>>>>- Can filter what you want to see (show only filtered traffic or all)
>>>>- Colorized matches
>>>>- Can save the result of your dump/filter to a file
>>>>- etc
>>>>
>>>
>>>The web interface I described allows us to avoid writing anything other than some php and
>>>perl but a java interface would do too.
>>>
>>>
>>>>So I did a proof of concept...
>>>>
>>>>1 - Wrote a simple server program using Perl that runs ngrep on the SER box and pushes
>>>>the captured traffic through its listening TCP port;
>>>>2 - Wrote a simple client program using Perl that connects to a remote port and
>>>>filters what you want to see or shows all the traffic;
>>>>
>>>>..and works like
>>>
>>>I'd probably do away with the client just because I don't like distributing software to
>>>clients but that's me :-)
>>>
>>>
>>>>a charm :-)
>>>>
>>>>I'd like to hear opinions from SER members about the idea.
>>>>
>>>>Best regards,
>>>>- --
>>>>============================================
>>>>Rodrigo P. Telles <telles at devel.it>
>>>>IT Manager
>>>>Devel-IT - http://www.devel.it
>>>>IVOZ # 1029
>>>>+55 14 3324-1200
>>>>Bestcom Group
>>>>============================================
>>>>-----BEGIN PGP SIGNATURE-----
>>>>Version: GnuPG v1.2.4 (GNU/Linux)
>>>>Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>>>>
>>>>iD8DBQFDg3BWiLK8unYgEMQRAiqlAJ97fGI6OMAJvXzki77J9a5WS+KXpACeMX98
>>>>TpmB5w1kvF7xkTc1XC3o+7Y=
>>>>=fkKs
>>>>-----END PGP SIGNATURE-----
>>>>
>>>>_______________________________________________
>>>>Serusers mailing list
>>>>serusers at lists.iptel.org
>>>>http://lists.iptel.org/mailman/listinfo/serusers
>>>
>>>
>>
> 
> 
> --
> Jiri Kuthan            http://iptel.org/~jiri/ 
> 
> 
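
Added example, not part of the original thread: one way the CGI back end described above could turn the form's duration (10, 30 or 60 seconds) and optional address filter into a time-limited capture of SIP on port 5060 without handing raw form input to a shell. It assumes tcpdump and coreutils timeout are installed; the function names, the interface eth0 and the output path are hypothetical.

```python
import ipaddress
import subprocess

ALLOWED_DURATIONS = ("10", "30", "60")  # the three capture links from the thread
SIP_PORT = 5060


def build_sip_filter(address=None):
    """BPF expression for SIP signalling, optionally narrowed to one host.

    "port 5060" matches source or destination, so it also catches TCP
    connections where only the listening side uses 5060.
    """
    expr = f"(udp or tcp) and port {SIP_PORT}"
    if address:
        # Only a literal IPv4/IPv6 address is accepted; anything else
        # (extra filter terms, shell metacharacters) raises ValueError.
        ip = ipaddress.ip_address(address.strip())
        expr += f" and host {ip}"
    return expr


def build_capture_command(duration, address=None,
                          interface="eth0",                    # assumed interface
                          outfile="/var/tmp/sip-trace.pcap"):  # assumed path
    """Return the argv list for a time-limited tcpdump run."""
    if str(duration) not in ALLOWED_DURATIONS:
        raise ValueError("duration must be 10, 30 or 60 seconds")
    return ["timeout", str(duration), "tcpdump", "-n", "-i", interface,
            "-s", "0", "-w", outfile, build_sip_filter(address)]


def run_capture(duration, address=None):
    """Run the capture; argv list and no shell, so input is never re-parsed."""
    # timeout(1) exits with 124 when it stops tcpdump, which is the normal case.
    return subprocess.run(build_capture_command(duration, address)).returncode


if __name__ == "__main__":
    # Constructed sample input, as it might arrive from the web form.
    print(build_capture_command("30", "192.0.2.10"))
```

The web interface should also require authentication before calling run_capture, since the capture file contains every subscriber's signalling.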
