There are two options 1- use SIMPDUMP module to dup all SIP packets in Log file SIPDUMP Module | | | | SIPDUMP Module | | |   2- use SIPTRACE module and broadcast SIP traffic from kamailio to any local port and then capture through sngrep -p BROACST_PORT SipTrace Module | | | | SipTrace Module | | | loadmodule "siptrace.so" # check IP and port of your capture nodemodparam("siptrace", "duplicate_uri", "sip:127.0.0.1:9060")modparam("siptrace", "hep_mode_on", 0)modparam("siptrace", "trace_to_database", 0)modparam("siptrace", "trace_flag", 22)modparam("siptrace", "trace_on", 1)# modparam("siptrace", "hep_version", 3)modparam("siptrace", "xheaders_write", 1) during code use  setflag(22); sip_trace(); This will broadcast SIP packet to local 9060 port and u can capture that through sngrep. I hope it will help. On Tuesday, December 8, 2020, 01:08:44 PM GMT+5, Daniel-Constantin Mierla <miconda(a)gmail.com> wrote: Hello, there were some limitations in sngrep for capturing tls traffic:   * https://github.com/irontec/sngrep/issues/112 Not sure if there was any work afterwards to improve. The best place to ask in on sngrep project. Anyhow, I want to add that if you use Kamailio, then you can load sipdump module and get the traffic stored in pcap files -- it requires master branch:   *https://www.kamailio.org/docs/modules/devel/modules/sipdump.html#sipdump.p.mode For stable branches, sipdump can store the traffic in text files. Cheers, Daniel On 08.12.20 08:37, Yuriy Gorlichenko wrote: As I remember sngrep doesn't work with TLS 1.3, so may be it is your case. On Tue, 8 Dec 2020, 08:01 Agiftel, <agiftel(a)gmail.com> wrote: Hi all, does anyone was able to use sngrep (with -k option) to decrypt TLS connections? I'am doing what help says; used private key is the correct one; but no traffic is seen on sngrep. If i use not ecrypted call i can see everything, so sngrep is working good. Any hint? regards -- Sent from: http://sip-router.1086192.n5.nabble.com/Users-f3.html _______________________________________________ Kamailio (SER) - Users Mailing List sr-users(a)lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users _______________________________________________Kamailio (SER) - Users Mailing Listsr-users@lists.kamailio.orghttps://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users -- Daniel-Constantin Mierla -- www.asipto.com www.twitter.com/miconda -- www.linkedin.com/in/miconda Funding: https://www.paypal.me/dcmierla _______________________________________________ Kamailio (SER) - Users Mailing List sr-users(a)lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Hi again, I sang victory too soon :-( It's working perfectly if SIP calls are UDP or TCP based. If are TLS, very strange thing, i can see all trace inside file .data created by siptrace but if I open that file using sngrep, TLS calls are never displayed. Any idea? If not, anyway, I would like to ask you what is the best way to troubleshoot TLS calls? What do you use guys? Best regards -- Sent from: http://sip-router.1086192.n5.nabble.com/Users-f3.html

Thank you for advice! Now I can see also TLS calls (using HOMER 7 on docker) Regards -- Sent from: http://sip-router.1086192.n5.nabble.com/Users-f3.html