Enable TLS debugging with SNGREP

[DigitalDaz]

Thanks to a guy called TomP over at https://www.tomp.uk/2019/02/freeswitch-sip-capture-over-tls-with-sngrep-and-hep/ for this solution.

nano -w /usr/share/freeswitch/scripts/app/xml_handler/resources/scripts/configuration/sofia.conf.lua

Change the line from:

--table.insert(xml, [[                          <param name="capture-server" value="udp:homer.domain.com:5060"/>]]);

To:

table.insert(xml, [[                            <param name="capture-server" value="udp:127.0.0.1:9060"/>]]);

Flush the cache and restart Freeswitch.

When you want to use SNGREP to capture your TLS and other traffic:

To start Freeswitch capturing the traffic:

fs_cli -x 'sofia global capture on'

Start SNGREP with:

sngrep -L udp:127.0.0.1:9060 -d lo

To stop Freeswitch capturing the traffic:

fs_cli -x 'sofia global capture off'

@markjcrane likes the look of this so very soon, hopefully you won't need to edit the lua file, it should already be set. Regardless, this will allow you to do it on existing systems.

 

[ad5ou]

I took it a step farther and made a little script to save a bit of typing.
I named it tracetls.sh but whatever is easy to remember.

#!/bin/sh
fs_cli -x 'sofia global capture on'
sngrep -L udp:127.0.0.1:9060 -d lo
fs_cli -x 'sofia global capture off'

When the script is run, it turns on the capture, loads sngrep with correct flags. When sngrep exits, it turns off the capture.

 

[leandrodes87]

Hy

Guy, but i don't understand about this solution or it's don't resolving for me.

I want to capture any traffic in my Fusionpbx, because all my phones its working remote , this phones working only in TLS, because only foward 5061 port in my firewall to my FusionPBX, i see all phones in "Status > Registration" with TLS protocol.

But i don't see "Extensions registrations" and any internal call in "SNGREP", i only see external call, where i use external gateways with UDP Protocol.

I believe that post is about this, it's allright?

i make this all, but i keep seeing only external calls, anything its welcome.

Thanks

 

[DigitalDaz]

You would have to flush cache and restart freeswitch too.

 

[leandrodes87]

Digital Daz,

Thanks for a rapid response, but for me dosn't work, i take this :

I Connect in server by ssh and change file sofia.conf.lua
vi /usr/share/freeswitch/scripts/app/xml_handler/resources/scripts/configuration/sofia.conf.lua
in line 87
---table.insert(xml, [[ <param name="capture-server" value="udp:homer.domain.com:5060"/>]])
I change "udp:homer.domain.com :5060" to "udp:127.0.0.1:9060" and remove -- in initial

I connect by WEB with admin user
Go in Status > SIP Profiles, Click in Flush Cache
In ssh systemctl restart freeswitch,

in sequence, i take a command
sngrep -L udp:127.0.0.1:9060 -d lo

and close my softphone and open, and restart my HardPhone.


This Extensions register again, but in SNGREP don't anything.

I try in SNGREP change by F8 in tab EEP / HEP Homer the parameter "Send all captures SIP packets" to on (default is off) but i restart again my phones and don't see anithing in SNGREP.

My FusionPBX is version 4.5.13 and use letsencrypt certificate to TLS.

Do you have any idea to help-me?

 

[leandrodes87]

Hi,
Do anything more idea about this? I losing so much to resolve this for see my users calling, because sometimes his has difficult to call example.

 

[leandrodes87]

hi,
anymore some this problem? who can help-me?

i don't see any TLS register or call in SNGREP

 

[leandrodes87]

Hi

@DigitalDaz
sorry for uncomfortable, but i need any solution for this.

i noticed, when try start capture, i receive errors in fs_cli

after i write sofia.cnf.lua, flush cache in web, and restart by commando (systemctl restart freeswitch) or then shutdown -r now

after restar, when i connect in fs_cli and make a command: sofia global capture on

i receive various:

error: tport_logging: capture socket error: Success
error: tport_logging: capture socket error: Success
error: tport_logging: capture socket error: Success
error: tport_logging: capture socket error: Success
error: tport_logging: capture socket error: Success
error: tport_logging: capture socket error: Success
error: tport_logging: capture socket error: Success

and when i make: sofia global capture off

this erros stop, do you have any other sugestion about this?

 

[felipe.pasa]

Hi,

I had to put this configuration in the profile sip to work

param name="capture-server" value="udp:127.0.0.1:9060"

after this, restart the profile and run sngrep

 

[etsiot]

Thanks to a guy called TomP over at https://www.tomp.uk/2019/02/freeswitch-sip-capture-over-tls-with-sngrep-and-hep/ for this solution.

nano -w /usr/share/freeswitch/scripts/app/xml_handler/resources/scripts/configuration/sofia.conf.lua

Change the line from:

--table.insert(xml, [[                          <param name="capture-server" value="udp:homer.domain.com:5060"/>]]);

To:

table.insert(xml, [[                            <param name="capture-server" value="udp:127.0.0.1:9060"/>]]);

Flush the cache and restart Freeswitch.

When you want to use SNGREP to capture your TLS and other traffic:

To start Freeswitch capturing the traffic:

fs_cli -x 'sofia global capture on'

Start SNGREP with:

sngrep -L udp:127.0.0.1:9060 -d lo

To stop Freeswitch capturing the traffic:

fs_cli -x 'sofia global capture off'

@markjcrane likes the look of this so very soon, hopefully you won't need to edit the lua file, it should already be set. Regardless, this will allow you to do it on existing systems.

Looking to implement this, yet sofia.conf.lua contains no such code? Has it been implemented some other way in the latest code?