Enable TLS debugging with SNGREP

Status
Not open for further replies.

DigitalDaz

Administrator
Staff member
Sep 29, 2016
3,038
556
113
Thanks to a guy called TomP over at https://www.tomp.uk/2019/02/freeswitch-sip-capture-over-tls-with-sngrep-and-hep/ for this solution.

Code:
nano -w /usr/share/freeswitch/scripts/app/xml_handler/resources/scripts/configuration/sofia.conf.lua
Change the line from:
Code:
--table.insert(xml, [[                          <param name="capture-server" value="udp:homer.domain.com:5060"/>]]);
To:
Code:
table.insert(xml, [[                            <param name="capture-server" value="udp:127.0.0.1:9060"/>]]);

Flush the cache and restart Freeswitch.

When you want to use SNGREP to capture your TLS and other traffic:

To start Freeswitch capturing the traffic:
Code:
fs_cli -x 'sofia global capture on'

Start SNGREP with:
Code:
sngrep -L udp:127.0.0.1:9060 -d lo

To stop Freeswitch capturing the traffic:
Code:
fs_cli -x 'sofia global capture off'

@markjcrane likes the look of this so very soon, hopefully you won't need to edit the lua file, it should already be set. Regardless, this will allow you to do it on existing systems.
 

ad5ou

Active Member
Jun 12, 2018
884
195
43
I took it a step farther and made a little script to save a bit of typing.
I named it tracetls.sh but whatever is easy to remember.
Code:
#!/bin/sh
fs_cli -x 'sofia global capture on'
sngrep -L udp:127.0.0.1:9060 -d lo
fs_cli -x 'sofia global capture off'
When the script is run, it turns on the capture, loads sngrep with correct flags. When sngrep exits, it turns off the capture.
 

leandrodes87

New Member
Mar 24, 2020
20
2
3
36
Hy

Guy, but i don't understand about this solution or it's don't resolving for me.

I want to capture any traffic in my Fusionpbx, because all my phones its working remote , this phones working only in TLS, because only foward 5061 port in my firewall to my FusionPBX, i see all phones in "Status > Registration" with TLS protocol.

But i don't see "Extensions registrations" and any internal call in "SNGREP", i only see external call, where i use external gateways with UDP Protocol.

I believe that post is about this, it's allright?

i make this all, but i keep seeing only external calls, anything its welcome.

Thanks
 

leandrodes87

New Member
Mar 24, 2020
20
2
3
36
Digital Daz,

Thanks for a rapid response, but for me dosn't work, i take this :

I Connect in server by ssh and change file sofia.conf.lua
vi /usr/share/freeswitch/scripts/app/xml_handler/resources/scripts/configuration/sofia.conf.lua
in line 87
---table.insert(xml, [[ <param name="capture-server" value="udp:homer.domain.com:5060"/>]])
I change "udp:homer.domain.com :5060" to "udp:127.0.0.1:9060" and remove -- in initial

I connect by WEB with admin user
Go in Status > SIP Profiles, Click in Flush Cache
In ssh systemctl restart freeswitch,

in sequence, i take a command
sngrep -L udp:127.0.0.1:9060 -d lo

and close my softphone and open, and restart my HardPhone.


This Extensions register again, but in SNGREP don't anything.

I try in SNGREP change by F8 in tab EEP / HEP Homer the parameter "Send all captures SIP packets" to on (default is off) but i restart again my phones and don't see anithing in SNGREP.

My FusionPBX is version 4.5.13 and use letsencrypt certificate to TLS.

Do you have any idea to help-me?
 

leandrodes87

New Member
Mar 24, 2020
20
2
3
36
Hi,
Do anything more idea about this? I losing so much to resolve this for see my users calling, because sometimes his has difficult to call example.
 

leandrodes87

New Member
Mar 24, 2020
20
2
3
36
Hi

@DigitalDaz
sorry for uncomfortable, but i need any solution for this.

i noticed, when try start capture, i receive errors in fs_cli

after i write sofia.cnf.lua, flush cache in web, and restart by commando (systemctl restart freeswitch) or then shutdown -r now

after restar, when i connect in fs_cli and make a command: sofia global capture on

i receive various:

error: tport_logging: capture socket error: Success
error: tport_logging: capture socket error: Success
error: tport_logging: capture socket error: Success
error: tport_logging: capture socket error: Success
error: tport_logging: capture socket error: Success
error: tport_logging: capture socket error: Success
error: tport_logging: capture socket error: Success

and when i make: sofia global capture off

this erros stop, do you have any other sugestion about this?
 

felipe.pasa

New Member
Jan 9, 2019
8
2
3
43
Brazil
gnovit.com
Hi,

I had to put this configuration in the profile sip to work

param name="capture-server" value="udp:127.0.0.1:9060"

after this, restart the profile and run sngrep
 

etsiot

Member
Jan 14, 2018
46
1
8
54
Thanks to a guy called TomP over at https://www.tomp.uk/2019/02/freeswitch-sip-capture-over-tls-with-sngrep-and-hep/ for this solution.

Code:
nano -w /usr/share/freeswitch/scripts/app/xml_handler/resources/scripts/configuration/sofia.conf.lua
Change the line from:
Code:
--table.insert(xml, [[                          <param name="capture-server" value="udp:homer.domain.com:5060"/>]]);
To:
Code:
table.insert(xml, [[                            <param name="capture-server" value="udp:127.0.0.1:9060"/>]]);

Flush the cache and restart Freeswitch.

When you want to use SNGREP to capture your TLS and other traffic:

To start Freeswitch capturing the traffic:
Code:
fs_cli -x 'sofia global capture on'

Start SNGREP with:
Code:
sngrep -L udp:127.0.0.1:9060 -d lo

To stop Freeswitch capturing the traffic:
Code:
fs_cli -x 'sofia global capture off'

@markjcrane likes the look of this so very soon, hopefully you won't need to edit the lua file, it should already be set. Regardless, this will allow you to do it on existing systems.
Looking to implement this, yet sofia.conf.lua contains no such code? Has it been implemented some other way in the latest code?
 
Status
Not open for further replies.