23 Nov
2005
23 Nov
'05
10:18 a.m.
Hi
I use ngrep to create my traces, and then analyse the trace in
ethereal. The latest version has a great analyse function which shows
all the sip calls, and then you can create flow graphs for one or
multiple calls. It's a great way to look at complex traces...
The commands I use are:
ngrep -d any -W byline -O /tmp/trace.log port 5060
This will output all packets to and from SER on the screen in a nice
easy to see format, and will also create a pcap compatible trace file in
/tmp, which I then use ethereal to look at.
A nice feature of ngrep is that you can filter the traces by anything
e.g. by putting the username before port 5060 you will capture only
packets that refer to that user.
I don't think that it's such a great idea to log all the packets all the
time, but suggest that the GUI could run ngrep to trace calls for a
specific username when the support staff require.
Noel
Greger V. Teigre wrote:
I know another approach has been to:
a) Run tcpdump continously (or when tracing is required) and dump to a
file
b) Use sip_analyze to generate the SIP trace in HTML and make it
available
c) Make an HTML interface to sip_analyze where various filters could
be set
This way a simple html form can be used to create a trace. The
drawback is the tcpdump file, but you could use rotatelogs and clean
up old dumps in cron.
This is one of the things that many people would like (or would
benefit from) and I'm working on a debugging "framework" for the
onsip.org Getting Started configs and such a setup would be useful. I
would be interested to hear from anyone who have a working setup and
who would like to contribute their code to open source.
g-)
----- Original Message ----- From: "Steve Blair" <blairs(a)isc.upenn.edu>
To: "Rodrigo P. Telles" <telles(a)devel.it>
Cc: <serusers(a)lists.iptel.org>
Sent: Tuesday, November 22, 2005 10:02 PM
Subject: Re: [Serusers] Remote Access for SIP trace
Rodrigo P. Telles wrote:
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Folks,
I'm using SER in a carrier grade mode and I need to create an
interface (GUI) to
our support team run SIP traces in our SER box.
I think I have an idea to solve that problem but I don't know if
it's the best
one, follow the idea:
SERVER (SER)
1 - Run an application in daemon mode using libpcap to capture
traffic on port 5060
- listening on a TCP port
- capture traffic all the time
- push all captured traffic to that TCP port (any one who
connect/telnet on
that port can see the traffic - without authentication by now)
This is sort of what we did for basic troubleshooting. The difference
is that we provide a web
interface with three links, 10 second, 30 second and 60 second
capture. The duration of the
capture is then passed to a cgi script that runs ethereal and
displays the results on the web
page. You could probably improve upon this by adding address
filtering options to the web
interface.
CLIENT (GUI)
2 - Developed using JAVA || PHP-GTK || C++ || ....
- Connect to remote port to listen the traffic
- Can filter what do you want to see (show only filtered traffic or
all)
- Colorized matches
- Can save the result of your dump/filter to a file
- etc
The web interface I described allows us to avoid writing anything
other than some php and
perl but a java interface would do too.
So I did a concept proof...
1 - Wrote a simple server program using Perl who run ngrep in SER
box and push
the captured traffic through it's listening TCP port;
2 - Wrote a simple client program using Perl who connect to a remote
port and
filter what you want to see or all the traffic;
..and works like
I'd probably do away with the client just because I don't like
distributing software to
clients but that's me :-)
a charm :-)
I'd like to hear opnions from SER members about the idea.
Best regards,
- --
============================================
Rodrigo P. Telles <telles(a)devel.it>
IT Manager
Devel-IT - http://www.devel.it
IVOZ # 1029
+55 14 3324-1200
Bestcom Group
============================================
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDg3BWiLK8unYgEMQRAiqlAJ97fGI6OMAJvXzki77J9a5WS+KXpACeMX98
TpmB5w1kvF7xkTc1XC3o+7Y=
=fkKs
-----END PGP SIGNATURE-----
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers