VoIP – debugging and troubleshooting SIP traffic with ngrep

June 6th, 2013

With this technical article we return to VoIP, and in particular to troubleshooting SIP traffic.

The essential command we need is "ngrep". To install it on an Ubuntu machine, just type in the terminal:

apt-get install ngrep

Let's now look at how to use it, directly with some examples:

Sniff all SIP traffic:

ngrep -qt -W byline port 5060
# ngrep -qt -W byline port 5060
interface: eth0 (192.168.0.0/255.255.255.0)
filter: (ip or ip6) and ( port 5060 )
T 2013/04/27 05:59:09.541776 192.168.0.200:52018 -> 192.168.0.114:5060 [A]
......
T 2013/04/27 05:59:09.541837 192.168.0.200:52018 -> 192.168.0.114:5060 [AP]
REGISTER sip:openuctest.com SIP/2.0.
Via: SIP/2.0/TCP 192.168.0.200:36752;branch=z9hG4bK-d8754z-95798a09824c9c00-1---d8754z-;rport.
Max-Forwards: 70.
Contact: <sip:200@192.168.0.200:36752;rinstance=85aa8608b85349aa;transport=TCP>.
To: "200"<sip:200@openuctest.com>.
From: "200"<sip:200@openuctest.com>;tag=745f025a.
Call-ID: N2E0NDg0NTdlYmFmNTY2NjM0NGNmOWNkNDE1YWM0YmE..
CSeq: 1 REGISTER.
Expires: 3600.
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE, SUBSCRIBE, INFO.
Supported: replaces.
User-Agent: Bria Professional release 2.4 stamp 49381.
Content-Length: 0.
.
T 2013/04/27 05:59:10.478656 192.168.0.114:5060 -> 192.168.0.200:52018 [AP]
SIP/2.0 408 Request timeout.
From: "200"<sip:200@openuctest.com>;tag=745f025a.
To: "200"<sip:200@openuctest.com>;tag=VmNa8r.
Call-Id: N2E0NDg0NTdlYmFmNTY2NjM0NGNmOWNkNDE1YWM0YmE..
Cseq: 1 REGISTER.
Via: SIP/2.0/TCP 192.168.0.200:36752;branch=z9hG4bK-d8754z-95798a09824c9c00-1---d8754z-;rport=52018.
Server: sipXecs/4.6.0 sipXecs/sipXproxy (Linux).
Content-Length: 0.
.
T 2013/04/27 05:59:10.678860 192.168.0.200:52018 -> 192.168.0.114:5060 [A]
......

Sniff and filter on the IP address 192.168.0.200

ngrep -qt 192.168.0.200 -W byline port 5060

Sniff and filter on the user "pippo"

ngrep -qt pippo -W byline port 5060

Sniff and filter only the SIP packets with the INVITE method

ngrep -W byline -d eth0 INVITE
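An added example (not part of the original article): a small parser for saved `ngrep -qt -W byline` output that pairs each SIP response with its request by Call-ID and CSeq and reports the failed transactions, such as the REGISTER answered with 408 in the first capture. The function names and the trimmed sample are constructed for illustration, and the parser assumes one SIP message per captured packet.

```python
import re
from datetime import datetime

# Constructed sample: `ngrep -qt -W byline port 5060` output, trimmed from the capture above.
SAMPLE = """\
T 2013/04/27 05:59:09.541837 192.168.0.200:52018 -> 192.168.0.114:5060 [AP]
REGISTER sip:openuctest.com SIP/2.0.
Call-ID: N2E0NDg0NTdlYmFmNTY2NjM0NGNmOWNkNDE1YWM0YmE..
CSeq: 1 REGISTER.
.
T 2013/04/27 05:59:10.478656 192.168.0.114:5060 -> 192.168.0.200:52018 [AP]
SIP/2.0 408 Request timeout.
Call-Id: N2E0NDg0NTdlYmFmNTY2NjM0NGNmOWNkNDE1YWM0YmE..
Cseq: 1 REGISTER.
.
"""
PKT = re.compile(r"^[TU] (\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+) (\S+) -> ")
TS_FMT = "%Y/%m/%d %H:%M:%S.%f"

def parse_ngrep(text):
    """Split ngrep byline output into SIP messages; header names are lower-cased."""
    msgs, cur = [], None
    for raw in text.splitlines():
        if m := PKT.match(raw):
            cur = {"ts": datetime.strptime(m[1], TS_FMT), "src": m[2], "start": None, "hdr": {}}
            msgs.append(cur)
        elif cur is not None:
            line = raw[:-1] if raw.endswith(".") else raw  # ngrep prints the CR as "."
            if cur["start"] is None:
                cur["start"] = line if "SIP/2.0" in line else None
            elif line == "":
                cur = None  # empty line ends the headers; skip any SDP body
            elif ":" in line:
                name, value = line.split(":", 1)
                cur["hdr"].setdefault(name.strip().lower(), value.strip())
    return [msg for msg in msgs if msg["start"]]

def failed_transactions(text):
    """Return (method, status, requester, seconds) for responses with status >= 400."""
    pending, failures = {}, []
    for msg in parse_ngrep(text):
        key = (msg["hdr"].get("call-id"), msg["hdr"].get("cseq"))
        if not msg["start"].startswith("SIP/2.0 "):
            pending[key] = msg  # a request: remember when it was sent
        elif key in pending and (code := int(msg["start"].split()[1])) >= 400:
            req = pending[key]
            delay = round((msg["ts"] - req["ts"]).total_seconds(), 3)
            failures.append((req["start"].split()[0], code, req["src"], delay))
    return failures
```

Header names are compared case-insensitively because the two sides of the capture spell them differently (`Call-ID`/`CSeq` in the request, `Call-Id`/`Cseq` in the response).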

(original article: http://ithelpblog.com/voice/troubleshooting-and-debug-voip-sip-by-ngrep-command/)

I'm adding a check that the SIP service on 5060 is working:

nc -z -v -u <IP address> 5060