Is it somehow possible that ngrep shows incoming INVITE arriving over TCP to Kamailio's listening address and port, but there is no debug trace of the request (e.g. receive_msg(): --- received sip message ...) in syslog?
-- Juha
With UDP for sure, packet capturing tools usually grab the traffic before the kernel filter, closer to the network layer. For example, if you have firewall rules to drop traffic on port 5060, you can see it with ngrep, but the application does not get it.
Now, for TCP, I expect that the connection is not established if the lower layers forbid it, so there should be no real data traffic on it. If you list TCP connections with the rpc command, do you see the one you noticed traffic for using ngrep but Kamailio does not get it?
Cheers, Daniel
On 04.08.21 14:38, Juha Heinanen wrote:
> Is it somehow possible that ngrep shows incoming INVITE arriving over TCP to Kamailio's listening address and port, but there is no debug trace of the request (e.g. receive_msg(): --- received sip message ...) in syslog?
> -- Juha
Daniel-Constantin Mierla writes:
> Now, for TCP, I expect that the connection is not established if the lower layers forbid it, so there should be no real data traffic on it. If you list TCP connections with the rpc command, do you see the one you noticed traffic for using ngrep but Kamailio does not get it?
OK, thanks, will try rpc next time when the problem appears. Also better to use tshark to see also tcp layer acknowledgments.
-- Juha
Was the SIP message on a TCP port where another process was listening?
I think that a SIP message sent to any TCP port should show up in sngrep, so if you have a webserver, etc. listening then the full packet flow might look like this:
remote_host:12345                    web_server:80
      === TCP SYN ===>
      <=== TCP SYN/ACK ===
      === TCP ACK ===>
      === SIP INVITE ===>            **SHOWS in sngrep**
      <=== TCP ACK ===
      <=== 400 Bad Request ===       **NOT in sngrep**
Regards,
Ben Kaufman
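
The TCP-acknowledgment check Juha mentions can be applied mechanically to a capture. The following is an added example, not part of any post in the thread: it classifies one flow from constructed segment records. The `Seg` fields, result labels and addresses are assumptions, and sequence numbers are relative, as tshark displays them.

```python
from dataclasses import dataclass

SIP_METHODS = (b"INVITE ", b"REGISTER ", b"OPTIONS ", b"BYE ", b"ACK ", b"CANCEL ")

@dataclass
class Seg:
    """One captured TCP segment (constructed record, relative seq/ack numbers)."""
    src: str
    dst: str
    flags: str          # any of S, A, P, R, F
    seq: int = 0
    ack: int = 0
    payload: bytes = b""

def diagnose(segs, listener):
    """Say how far SIP data sent to `listener` got, judged from the capture alone."""
    synack = handshake = acked = reset = False
    data_end = None                       # sequence number just past the SIP bytes
    for s in segs:
        if s.dst == listener:             # client -> listener
            if synack and "A" in s.flags:
                handshake = True          # client ACKed the SYN/ACK
            if s.payload.startswith(SIP_METHODS):
                data_end = s.seq + len(s.payload)
        elif s.src == listener:           # listener -> client
            if "S" in s.flags and "A" in s.flags:
                synack = True
            if "R" in s.flags:
                reset = True
            if data_end is not None and "A" in s.flags and s.ack >= data_end:
                acked = True              # host's TCP stack accepted the SIP bytes
    if data_end is None:
        return "no-sip-data"
    if not handshake:
        return "no-connection"
    if acked:
        return "acked-by-host"
    return "reset" if reset else "captured-not-acked"

INVITE = b"INVITE sip:bob@example.invalid SIP/2.0\r\n\r\n"   # constructed sample
C, L = "198.51.100.7:12345", "192.0.2.10:5060"               # constructed addresses
OPEN = [Seg(C, L, "S"), Seg(L, C, "SA", 0, 1), Seg(C, L, "A", 1, 1)]
DELIVERED = OPEN + [Seg(C, L, "PA", 1, 1, INVITE), Seg(L, C, "A", 1, 1 + len(INVITE))]
FILTERED = OPEN + [Seg(C, L, "PA", 1, 1, INVITE), Seg(C, L, "PA", 1, 1, INVITE)]
```

A result of `acked-by-host` means the listener's kernel accepted the bytes, so the next check is which process owns that socket, for example via the Kamailio TCP connection list over RPC that Daniel suggests. A result of `captured-not-acked` means the capture point saw bytes that the host's TCP stack never acknowledged.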