Capturing SIPS + RTP/SAVP with asterisk #439
Comments
Actually, this was still using HEP due to |
Hi @Yannik !!

Nope, this is a common problem in sngrep using HEP. You can save HEP and you can save network traffic, but mixing them in the same PCAP is not supported.

The reason behind this limitation is that sngrep always tries to save each pcap exactly how it was captured, including any fragmentation or segmentation and datalink layer data (Loopback device, Ethernet 100, ...). This is easy while saving packets from a single capture device, because the libpcap input handle can be used to generate the output file. HEP packets are received in a socket, so this datalink info doesn't exist. We create a fake Ethernet 100Mb datalink layer and build each header manually, converting each received data into an Ethernet>IP>UDP packet to store it in an ethernet datalink pcap file.

In order to support saving from network and HEP at the same time, sngrep must use the network capture handle to create the output pcap and convert each HEP packet to the datalink used in that file by creating the appropriate fake datalink layer data (like it does right now for Ethernet).

Regards!
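The fake-datalink step described in the comment above, as an added example (not sngrep's own code and not part of the thread): a payload that arrived on a socket is wrapped in constructed Ethernet > IPv4 > UDP headers so it can be stored as one record of an Ethernet-linktype pcap. The function names, the zeroed MAC addresses and the TTL value are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_LEN 14
#define IP_LEN  20
#define UDP_LEN 8

/* Store a 16-bit value in network byte order. */
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* RFC 1071 Internet checksum over the IPv4 header. */
static uint16_t ip_checksum(const uint8_t *h, size_t n) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < n; i += 2)
        sum += (uint32_t)((h[i] << 8) | h[i + 1]);
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Build Ethernet > IPv4 > UDP around payload.
 * Returns the frame length, or 0 if it does not fit in out or in one datagram. */
size_t fake_eth_frame(const uint8_t src[4], uint16_t sport,
                      const uint8_t dst[4], uint16_t dport,
                      const uint8_t *payload, size_t plen,
                      uint8_t *out, size_t cap) {
    size_t total = ETH_LEN + IP_LEN + UDP_LEN + plen;
    if (plen > 65535 - IP_LEN - UDP_LEN || total > cap)
        return 0;
    memset(out, 0, ETH_LEN + IP_LEN + UDP_LEN); /* zero MACs: no real link layer seen */
    put16(out + 12, 0x0800);                    /* EtherType: IPv4 */
    uint8_t *ip = out + ETH_LEN;
    ip[0] = 0x45;                               /* version 4, header length 5 words */
    put16(ip + 2, (uint16_t)(IP_LEN + UDP_LEN + plen));
    ip[8] = 64;                                 /* TTL (constructed value) */
    ip[9] = 17;                                 /* protocol: UDP */
    memcpy(ip + 12, src, 4);
    memcpy(ip + 16, dst, 4);
    put16(ip + 10, ip_checksum(ip, IP_LEN));    /* checksum field was zero until now */
    uint8_t *udp = ip + IP_LEN;
    put16(udp, sport);
    put16(udp + 2, dport);
    put16(udp + 4, (uint16_t)(UDP_LEN + plen)); /* UDP checksum left 0 = not computed */
    memcpy(udp + UDP_LEN, payload, plen);
    return total;
}
```

A frame built this way only matches an output file whose link type is Ethernet; a file opened from a live capture handle with another link type would need a different fake header in front of the same IP packet.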
I see. Would love to see support for this! Thanks for your reply @Kaian !
Hi,
thanks for this great project!
To debug an issue, I would like to capture both SIPS & RTP/SAVP traffic.
Note: both are encrypted, which is why I am using HEP w/sngrep instead of tcpdump in the first place :-)
I have configured asterisk to send HEP traffic like this:
I'm calling sngrep like this: `sngrep --eep-listen udp:127.0.0.1:6000 --rtp`.

SIP traffic is captured just fine, but for some reason, RTP is not. By `tcpdump`ing the port 6000 traffic I was able to see that asterisk is not sending the rtp traffic along. According to the HEP3 spec, that should be possible (capture protocol type 0x04). However, I could not find any way to enable it.

I was able to capture RTP by adding `-d any` to the sngrep call, but now capturing to a pcap (`-O trace.pcap`) is broken. The file is just not getting created. Trying to save from the GUI results in an error message.

Is there some general issue with capturing RTP via HEP, or is this just an asterisk problem?
How would you recommend I proceed to capture encrypted SIP&RTP to pcap? Is there any solution for this issue?