Watching TLS SIP traffic with sngrep

Status
Not open for further replies.

TurabG

Member
Aug 25, 2022
There are guides about this, but they are old and different from each other, and none of them worked with the current version.

One of them being this:

The other being this:

Following the commenters' advice and these guides, I still can't make it work. Any ideas how to make it possible? All our clients are connected via TLS-NAT, only one with TCP and one with TLS without NAT. So it is actually vital to be able to diagnose SIP problems with TLS.
 

pksml

New Member
Dec 20, 2022
I was struggling with this and finally got it to work!

I'm using Debian btw...

Install sngrep from command line:
Bash:
bash /usr/src/fusionpbx-install.sh/debian/resources/sngrep.sh

In the GUI:
GUI: Advanced --> SIP Profiles --> SETTINGS
add variable capture-server --> udp:127.0.0.1:9060
If you can't find the page, the URL to it is https://YOURDOMAIN.COM/app/sofia_global_settings/sofia_global_settings.php

Now enable sip capturing either globally OR on a particular profile OR on-demand using fs_cli:

enable globally:
GUI: Advanced --> SIP Profiles --> SETTINGS
add sip-capture --> yes

enable on single profile:
GUI: Advanced --> SIP Profiles --> pick a profile
modify sip-capture --> yes

enable on-demand globally from fs_cli:
sofia global capture on

enable on-demand per-profile from fs_cli:
sofia profile internal capture on

Lastly, run sngrep:
Bash:
sngrep -L udp:127.0.0.1:9060

It's worth noting that you can save the packets that sngrep captures to a PCAP file for future analysis via Wireshark. Be sure to check out the manpage for sngrep for that option and more.
 
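To check what FreeSWITCH actually delivers to the capture-server address, independent of sngrep, a small listener can decode the feed and print each SIP start line. This is an added example, not part of the original posts; it assumes the feed is HEP (Homer Encapsulation Protocol) version 3 on the thread's udp:127.0.0.1:9060, and parse_hep3, summarize and build_hep3 are illustrative names.

```python
import socket
import struct

SRC4, DST4, SPORT, DPORT, PAYLOAD = 3, 4, 7, 8, 15  # HEP3 generic chunk types

def parse_hep3(datagram: bytes) -> dict:
    """Decode one HEP3 datagram into src/dst/sport/dport/payload."""
    if len(datagram) < 6 or datagram[:4] != b"HEP3":
        raise ValueError(f"not HEP3, starts with {datagram[:4]!r}")
    total = struct.unpack("!H", datagram[4:6])[0]
    if total > len(datagram):
        raise ValueError("truncated HEP3 packet")
    out, pos = {}, 6
    while pos + 6 <= total:
        vendor, ctype, clen = struct.unpack("!HHH", datagram[pos:pos + 6])
        if clen < 6 or pos + clen > total:
            raise ValueError(f"bad chunk length at offset {pos}")
        body = datagram[pos + 6:pos + clen]
        if vendor == 0 and ctype in (SRC4, DST4) and len(body) == 4:
            out["src" if ctype == SRC4 else "dst"] = socket.inet_ntoa(body)
        elif vendor == 0 and ctype in (SPORT, DPORT) and len(body) == 2:
            out["sport" if ctype == SPORT else "dport"] = struct.unpack("!H", body)[0]
        elif vendor == 0 and ctype == PAYLOAD:
            out["payload"] = body  # the SIP message as FreeSWITCH saw it
        pos += clen
    return out

def summarize(datagram: bytes) -> str:
    """One line per datagram: endpoints plus the SIP request/status line."""
    try:
        m = parse_hep3(datagram)
    except ValueError as exc:
        return f"skipped: {exc}"
    first = m.get("payload", b"").split(b"\r\n", 1)[0].decode(errors="replace")
    return f"{m.get('src')}:{m.get('sport')} -> {m.get('dst')}:{m.get('dport')} {first}"

def build_hep3(src, dst, sport, dport, payload: bytes) -> bytes:
    """Constructed sample datagram, used only to exercise the parser offline."""
    def chunk(ctype, body):
        return struct.pack("!HHH", 0, ctype, 6 + len(body)) + body
    chunks = (chunk(SRC4, socket.inet_aton(src)) + chunk(DST4, socket.inet_aton(dst))
              + chunk(SPORT, struct.pack("!H", sport)) + chunk(DPORT, struct.pack("!H", dport))
              + chunk(PAYLOAD, payload))
    return b"HEP3" + struct.pack("!H", 6 + len(chunks)) + chunks

if __name__ == "__main__":  # run with sngrep stopped so the port is free
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("127.0.0.1", 9060))  # address from the capture-server setting
    while True:
        print(summarize(sock.recvfrom(65535)[0]))
```

The payload chunk carries SIP in clear text even for calls that arrived over TLS, so the capture-server address is best kept on loopback as in the post above.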

TurabG

Thank you for taking the time to note all that down here. But I am actually getting cold feet about testing this out because I tried adding the "capture-server" variable to SIP profiles and everything broke down on the production server. The clients kept registering over and over. There are 14 clients but there were 30-40 registrations and it kept growing until I removed that variable from the profile. With that many registrations, it wasn't possible to place or receive calls. But to be honest, I didn't know Sofia settings could be globally manipulated without entering individual SIP profiles. So do you think it would make any difference putting that variable globally rather than on an individual profile? Or did you mean we have to do both of these at the same time:

enable globally:
GUI: Advanced --> SIP Profiles --> SETTINGS
add sip-capture --> yes

enable on single profile:
GUI: Advanced --> SIP Profiles --> pick a profile
modify sip-capture --> yes
 

pksml

You only need to do one of those options. Either globally, per profile, or in the console. I’m not an expert, but it seems to me that turning it on in fs_cli only modifies the setting for the duration that you have the console open. (If I’m wrong, it certainly wouldn’t survive a restart of the freeswitch service.)
 

TurabG

Well, enabling on demand through fs_cli doesn't work for me and enabling sip-capture with capture-server breaks everything. But I will try global capture settings through Sofia outside office hours to see what happens.
 

TurabG

I added a variable like:
capture-server --> udp:127.0.0.1:9060
in: Advanced -> SIP Profiles -> Settings

Restarted Freeswitch. I didn't enable "sip-capture" on a per-profile basis; instead, I entered fs_cli and enabled global capture. Then from another shell I typed:
sngrep -L udp:127.0.0.1:9060
This captures only what standard sngrep captures: non-TLS SIP traffic. TLS traffic doesn't appear on this watch. I also tried this:
sngrep -L udp:127.0.0.1:9060 -d lo
which is suggested on other threads, but this captures absolutely nothing.
 