Hi Folks,
I'm using SER in a carrier grade mode and I need to create an interface (GUI) for our support team to run SIP traces on our SER box. I think I have an idea to solve that problem, but I don't know if it's the best one. Here is the idea:
SERVER (SER)
1 - Run an application in daemon mode using libpcap to capture traffic on port 5060
- listening on a TCP port
- capture traffic all the time
- push all captured traffic to that TCP port (any one who connect/telnet on that port can see the traffic - without authentication by now)
CLIENT (GUI)
2 - Developed using JAVA || PHP-GTK || C++ || ....
- Connect to remote port to listen the traffic
- Can filter what do you want to see (show only filtered traffic or all)
- Colorized matches
- Can save the result of your dump/filter to a file
- etc
So I did a concept proof...
1 - Wrote a simple server program using Perl which runs ngrep on the SER box and pushes the captured traffic through its listening TCP port;
2 - Wrote a simple client program using Perl which connects to a remote port and filters what you want to see, or shows all the traffic;
..and works like a charm :-)
I'd like to hear opinions from SER members about the idea.
Best regards,
============================================
Rodrigo P. Telles telles@devel.it IT Manager Devel-IT - http://www.devel.it IVOZ # 1029 +55 14 3324-1200 Bestcom Group
============================================
Rodrigo P. Telles wrote:
> Hi Folks,
> I'm using SER in a carrier grade mode and I need to create an interface (GUI) for our support team to run SIP traces on our SER box. I think I have an idea to solve that problem, but I don't know if it's the best one. Here is the idea:
> SERVER (SER)
> 1 - Run an application in daemon mode using libpcap to capture traffic on port 5060
> - listening on a TCP port
> - capture traffic all the time
> - push all captured traffic to that TCP port (any one who connect/telnet on that port can see the traffic - without authentication by now)
This is sort of what we did for basic troubleshooting. The difference is that we provide a web interface with three links, 10 second, 30 second and 60 second capture. The duration of the capture is then passed to a cgi script that runs ethereal and displays the results on the web page. You could probably improve upon this by adding address filtering options to the web interface.
> CLIENT (GUI)
> 2 - Developed using JAVA || PHP-GTK || C++ || ....
> - Connect to remote port to listen the traffic
> - Can filter what do you want to see (show only filtered traffic or all)
> - Colorized matches
> - Can save the result of your dump/filter to a file
> - etc
The web interface I described allows us to avoid writing anything other than some php and perl but a java interface would do too.
> So I did a concept proof...
> 1 - Wrote a simple server program using Perl which runs ngrep on the SER box and pushes the captured traffic through its listening TCP port;
> 2 - Wrote a simple client program using Perl which connects to a remote port and filters what you want to see, or shows all the traffic;
> ..and works like a charm :-)
I'd probably do away with the client just because I don't like distributing software to clients but that's me :-)
> I'd like to hear opinions from SER members about the idea.
> Best regards,
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
I know another approach has been to:
a) Run tcpdump continuously (or when tracing is required) and dump to a file
b) Use sip_analyze to generate the SIP trace in HTML and make it available
c) Make an HTML interface to sip_analyze where various filters could be set
This way a simple html form can be used to create a trace. The drawback is the tcpdump file, but you could use rotatelogs and clean up old dumps in cron.
This is one of the things that many people would like (or would benefit from) and I'm working on a debugging "framework" for the onsip.org Getting Started configs and such a setup would be useful. I would be interested to hear from anyone who has a working setup and who would like to contribute their code to open source.
g-)
----- Original Message ----- From: "Steve Blair" blairs@isc.upenn.edu To: "Rodrigo P. Telles" telles@devel.it Cc: serusers@lists.iptel.org Sent: Tuesday, November 22, 2005 10:02 PM Subject: Re: [Serusers] Remote Access for SIP trace
Hi
I use ngrep to create my traces, and then analyse the trace in ethereal. The latest version has a great analyse function which shows all the sip calls, and then you can create flow graphs for one or multiple calls. It's a great way to look at complex traces...
The commands I use are:
    ngrep -d any -W byline -O /tmp/trace.log port 5060
This will output all packets to and from SER on the screen in a nice easy to see format, and will also create a pcap compatible trace file in /tmp, which I then use ethereal to look at. A nice feature of ngrep is that you can filter the traces by anything e.g. by putting the username before port 5060 you will capture only packets that refer to that user.
I don't think that it's such a great idea to log all the packets all the time, but suggest that the GUI could run ngrep to trace calls for a specific username when the support staff require.
Noel
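A sketch of the on-demand, per-username ngrep trace suggested above, with the three fixed capture lengths from the CGI setup described earlier in the thread; it is an added example, not code posted by anyone on the list. The function names, the allowed username alphabet, the 64-character limit and the sample paths are assumptions; the ngrep options are the ones quoted in the message above.

```shell
#!/bin/sh
# Added example: validate web-form input before it reaches ngrep.
# Assumed (not from the thread): function names, username alphabet,
# 64-character limit, sample usernames and paths.
LC_ALL=C
export LC_ALL

# Accept only the three capture lengths offered by the web interface.
valid_duration() {
    case "$1" in
        10|30|60) return 0 ;;
        *) return 1 ;;
    esac
}

# Accept a conservative SIP user-part alphabet only. Anything else
# (spaces, quotes, ';', '|', '$', regex operators) is rejected outright
# instead of being quoted or escaped.
valid_username() {
    [ -n "$1" ] || return 1
    [ "${#1}" -le 64 ] || return 1
    case "$1" in
        *[!A-Za-z0-9._-]*) return 1 ;;   # character outside the allowed set
        -*) return 1 ;;                  # would be parsed by ngrep as an option
    esac
    return 0
}

# ngrep treats the match expression as a regular expression, so the one
# allowed metacharacter, '.', is escaped to match literally.
escape_match() {
    printf '%s' "$1" | sed 's/\./\\./g'
}

# Print the argument vector, one argument per line, or fail without output.
# Exit status: 2 = bad duration, 3 = bad username.
trace_args() {
    duration=$1
    user=$2
    outfile=$3
    valid_duration "$duration" || { echo "rejected duration" >&2; return 2; }
    valid_username "$user" || { echo "rejected username" >&2; return 3; }
    printf '%s\n' timeout "$duration" ngrep -d any -W byline \
        -O "$outfile" "$(escape_match "$user")" port 5060
}

# Run a bounded capture. The pcap goes into a fresh private directory
# from mktemp rather than a fixed, predictable name in /tmp.
run_trace() {
    valid_duration "$1" || return 2
    valid_username "$2" || return 3
    dir=$(mktemp -d) || return 1
    timeout "$1" ngrep -d any -W byline -O "$dir/trace.pcap" \
        "$(escape_match "$2")" port 5060 > "$dir/trace.txt"
    printf '%s\n' "$dir"
}

# Constructed sample input: show what would be executed for one request.
trace_args 30 alice.smith /var/tmp/sip-trace/demo.pcap
```

The arguments are passed to ngrep as separate words and never through `sh -c` or string concatenation, so a form field cannot add options or commands.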
> I use ngrep to create my traces, and then analyse the trace in ethereal. The latest version has a great analyse function which shows all the sip calls, and then you can create flow graphs for one or multiple calls. It's a great way to look at complex traces...
Hey! That's great; I didn't know about the new functionality. Thanks for telling us! g-)
Greger,
Greger V. Teigre wrote:
> I know another approach has been to:
> a) Run tcpdump continuously (or when tracing is required) and dump to a file
> b) Use sip_analyze to generate the SIP trace in HTML and make it available
> c) Make an HTML interface to sip_analyze where various filters could be set
It's a nice idea! What's sip_analyze?
Thanks for your reply.
I'm sorry, I meant sip_scenario... http://www.iptel.org/~sipsc/
g-)
----- Original Message ----- From: "Rodrigo P. Telles" telles@devel.it To: serusers@lists.iptel.org Sent: Wednesday, November 23, 2005 1:04 PM Subject: Re: [Serusers] Remote Access for SIP trace
What is tcp_analyze?
On a side-note: there is no easy TCP filtering expression as both sides of TCP connections may use ephemeral ports.
-jiri
At 08:04 AM 11/23/2005, Greger V. Teigre wrote:
> I know another approach has been to:
> a) Run tcpdump continuously (or when tracing is required) and dump to a file
> b) Use sip_analyze to generate the SIP trace in HTML and make it available
> c) Make an HTML interface to sip_analyze where various filters could be set
-- Jiri Kuthan http://iptel.org/~jiri/
> What is tcp_analyze?
It was sip_scenario I was thinking about. Just a memory glitch... I corrected that in a new post.
> On a side-note: there is no easy TCP filtering expression as both sides of TCP connections may use ephemeral ports.
Thanks, I wasn't aware of that. I just assumed that the port was specified explicitly. g-)
Jiri Kuthan wrote:
> What is tcp_analyze?
> On a side-note: there is no easy TCP filtering expression as both sides of TCP connections may use ephemeral ports.
Yes, but usually at least one socket (the incoming) uses port 5060.
klaus
-jiri
At 08:04 AM 11/23/2005, Greger V. Teigre wrote:
I know another approach has been to: a) Run tcpdump continously (or when tracing is required) and dump to a file b) Use sip_analyze to generate the SIP trace in HTML and make it available c) Make an HTML interface to sip_analyze where various filters could be set
This way a simple html form can be used to create a trace. The drawback is the tcpdump file, but you could use rotatelogs and clean up old dumps in cron.
This is one of the things that many people would like (or would benefit from) and I'm working on a debugging "framework" for the onsip.org Getting Started configs and such a setup would be useful. I would be interested to hear from anyone who has a working setup and who would like to contribute their code to open source. g-)
----- Original Message -----
From: "Steve Blair" blairs@isc.upenn.edu
To: "Rodrigo P. Telles" telles@devel.it
Cc: serusers@lists.iptel.org
Sent: Tuesday, November 22, 2005 10:02 PM
Subject: Re: [Serusers] Remote Access for SIP trace
Rodrigo P. Telles wrote:
Hi Folks,
I'm using SER in a carrier grade mode and I need to create an interface (GUI) for our support team to run SIP traces on our SER box. I think I have an idea to solve that problem but I don't know if it's the best one. Here is the idea:
SERVER (SER) 1 - Run an application in daemon mode using libpcap to capture traffic on port 5060
- listening on a TCP port
- capture traffic all the time
- push all captured traffic to that TCP port (anyone who connects/telnets to that port can see the traffic - without authentication for now)
This is sort of what we did for basic troubleshooting. The difference is that we provide a web interface with three links, 10 second, 30 second and 60 second capture. The duration of the capture is then passed to a cgi script that runs ethereal and displays the results on the web page. You could probably improve upon this by adding address filtering options to the web interface.
CLIENT (GUI) 2 - Developed using JAVA || PHP-GTK || C++ || ....
- Connect to remote port to listen to the traffic
- Can filter what you want to see (show only filtered traffic or all)
- Colorized matches
- Can save the result of your dump/filter to a file
- etc
The web interface I described allows us to avoid writing anything other than some php and perl but a java interface would do too.
So I did a proof of concept...
1 - Wrote a simple server program using Perl that runs ngrep on the SER box and pushes the captured traffic through its listening TCP port;
2 - Wrote a simple client program using Perl that connects to a remote port and filters what you want to see or all the traffic;
..and it works like a charm :-)
I'd probably do away with the client just because I don't like distributing software to clients but that's me :-)
I'd like to hear opinions from SER members about the idea.
Best regards,
============================================ Rodrigo P. Telles telles@devel.it IT Manager Devel-IT - http://www.devel.it IVOZ # 1029 +55 14 3324-1200 Bestcom Group ============================================
-- Jiri Kuthan http://iptel.org/~jiri/
At 09:49 25.11.2005, Klaus Darilion wrote:
Jiri Kuthan wrote:
What is tcp_analyze? On a side-note: there is no easy TCP filtering expression as both sides of TCP connections may use ephemeral ports.
Yes, but usually at least one socket (the incoming) uses port 5060.
I think that actually the case without 5060 is fairly usual -- SER opens up a TCP connection to a downstream agent. In that case, SER uses an ephemeral port number and frequently the agent registered with an ephemeral number too (even if it used 5060, it may be behind a NAT).
-jiri
Indeed, you are right, except in the NAT case. If the client is behind NAT, the proxy cannot establish a TCP connection to the client. AFAIK, for TCP based NAT traversal, the initial TCP session will be kept open. The initial session however will typically be made to proxyip:5060.
regards klaus
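The ephemeral-port problem discussed in this thread can be sidestepped by recognising SIP from the payload instead of the port. The sketch below is an added example, not code from any poster or from SER; it assumes TCP payloads are already reassembled so each starts at a message boundary, and every name and sample value in it is constructed.

```python
import re

METHODS = (b"INVITE|ACK|BYE|CANCEL|OPTIONS|REGISTER|SUBSCRIBE|NOTIFY|"
           b"MESSAGE|INFO|UPDATE|PRACK|REFER|PUBLISH")
REQUEST = re.compile(rb"^(?:" + METHODS + rb") \S+ SIP/2\.0$")
STATUS = re.compile(rb"^SIP/2\.0 [1-6]\d\d(?: .*)?$")
COMPACT = {b"i": b"call-id", b"f": b"from", b"t": b"to"}  # RFC 3261 compact forms


def parse_sip(payload):
    """Return start line and key headers if payload starts with a SIP message, else None."""
    head = payload.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    if not (REQUEST.match(lines[0]) or STATUS.match(lines[0])):
        return None
    msg = {"start": lines[0].decode("ascii", "replace")}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if not sep:
            continue
        key = name.strip().lower()
        key = COMPACT.get(key, key)
        if key in (b"call-id", b"from", b"to"):
            msg[key.decode()] = value.strip().decode("utf-8", "replace")
    return msg


def sip_segments(segments):
    """Keep (sport, dport, msg) for every payload that parses as SIP, whatever the ports."""
    out = []
    for sport, dport, payload in segments:
        msg = parse_sip(payload)
        if msg:
            out.append((sport, dport, msg))
    return out


def missed_by_port_filter(segments, port=5060):
    """SIP segments that a capture filter of 'tcp port 5060' would never have seen."""
    return [s for s in sip_segments(segments) if port not in (s[0], s[1])]


# Constructed sample: (src_port, dst_port, reassembled TCP payload)
SAMPLE = [
    (49152, 5060, b"REGISTER sip:example.org SIP/2.0\r\nCall-ID: reg-1@client\r\n\r\n"),
    (40112, 51844, b"INVITE sip:bob@192.0.2.10:51844 SIP/2.0\r\ni: call-7@proxy\r\n\r\n"),
    (51844, 40112, b"SIP/2.0 180 Ringing\r\nCall-ID: call-7@proxy\r\n\r\n"),
    (40200, 8080, b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"),
]
```

Header line folding and messages split across segments are not handled here; a trace tool would need stream reassembly in front of `parse_sip`.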