< Previous by Date	Date Index	Next by Date >
< Previous in Thread	Thread Index

Re: [reSIProcate] Passive SIP Traffic Analyzer

From: Mihai Codrean <mihaicodrean@xxxxxxxxx>
Date: Mon, 2 Dec 2019 11:17:44 +0200

I have actually started on a different path:

Derived a class from UdpTransport, to get access to its protected processRxParse method. There's a socket created that I don't need, but I'll deal with that later.
Captured the packets externally and fed them into an instance of the class above.
Altered the created SipMessages so that the requests are marked as coming from the TU - this is key, since all packets are marked as external.
Passed the created SipMessages into TransactionState::process, and as far as I can tell, its state machine transitions the states correctly.

For my purposes, I don't really need a TU, but just a way to get notified when sessions are detected (e.g. TransactionState::mState == Completed) and teared down. The state itself is private, so any ideas how to go about this?

Thanks,
Mihai

On 2019-11-28 23:55, Scott Godin wrote:

If you need transaction or dialog level data that is a good idea and might work nicely. :)

On Thu, Nov 21, 2019 at 5:53 AM Mihai Codrean <mihaicodrean@xxxxxxxxx> wrote:

So basically just the dissector is easily reusable, with no conversation/participants support, right?
What if there would be an interface added to decouple the sockets API, so that the SIP replies could go through a dump stub?

Thanks,
-Mihai

On 2019-11-19 17:24, Scott Godin wrote:

Not really. Homer support ( https://sipcapture.org/ ) was added, but that still doesn't allow you to listen passively to SIP traffic. You could definitely build a passive listener outside of resiprocate, then just use the resip SIP message parsing routines to parse and analyze the SIP message contents. This would be essentially by passing the resip transports, transaction state machine and DUM layers.

Scott

On Mon, Nov 18, 2019 at 10:11 AM Mihai Codrean <mihaicodrean@xxxxxxxxx> wrote:

Hi,

Scott Godin wrote back in 2011:

resip is great choice for a SIP message parser, however there will be a reasonable amount of work required to separate things in order to try and reuse the resip transaction, dialog and dum callback engine in a passive way (ie. without generating any responses).
Has this changed over the years, making such an endeavor easier?

Thanks,
Mihai

_______________________________________________
resiprocate-devel mailing list
resiprocate-devel@xxxxxxxxxxxxxxx
https://list.resiprocate.org/mailman/listinfo/resiprocate-devel

References:
- [reSIProcate] Passive SIP Traffic Analyzer
  - From: Mihai Codrean
- Re: [reSIProcate] Passive SIP Traffic Analyzer
  - From: Scott Godin
- Re: [reSIProcate] Passive SIP Traffic Analyzer
  - From: Mihai Codrean
- Re: [reSIProcate] Passive SIP Traffic Analyzer
  - From: Scott Godin

Prev by Date: Re: [reSIProcate] Passive SIP Traffic Analyzer
Next by Date: Re: [reSIProcate] Questions about resiprocate roadmap
Previous by thread: Re: [reSIProcate] Passive SIP Traffic Analyzer
Next by thread: [reSIProcate] SNMP strategy, proof-of-concept committed
Index(es):
- Date
- Thread