{"id":2063,"date":"2024-12-17T23:40:36","date_gmt":"2024-12-17T22:40:36","guid":{"rendered":"https:\/\/www.daniel-ritter.de\/blog\/?p=2063"},"modified":"2024-12-17T23:40:36","modified_gmt":"2024-12-17T22:40:36","slug":"monitor-encrypted-tls-sip-traffic-with-asterisk-module-res_hep-and-sngrep","status":"publish","type":"post","link":"https:\/\/www.daniel-ritter.de\/blog\/monitor-encrypted-tls-sip-traffic-with-asterisk-module-res_hep-and-sngrep\/","title":{"rendered":"Monitor encrypted TLS SIP traffic with Asterisk, module res_hep and sngrep"},"content":{"rendered":"<p>If your SIP traffic is TLS encrypted, it becomes impossible to monitor it with nice visual tools like sngrep. sngrep can&#8217;t read the traffic because it normally only has access to the unencrypted SIP traffic on the PBX.<\/p>\n<p>The Asterisk module res_hep solves this problem. It plays the old man-in-the-middle game to divert a copy of the unencrypted traffic to a HEP-server, so it can be seen in the clear before being encrypted for going over the line.<\/p>\n<p>Asterisk -> HEP module (sends copy of traffic to HEP server) -> SIP encapsulated in TLS Crypto -> Other peer \/ registrar<\/p>\n<p>Setup is easy:<\/p>\n<pre>\r\n; Configure the Asterisk hep-module\r\n; \/etc\/asterisk\/hep.conf\r\n[general]\r\nenabled = yes                      \r\ncapture_address = 10.10.10.1:12345    ; use the ip of your PBX here\r\ncapture_password = mypassword                                \r\ncapture_id = 1234                  \r\ncapture_name = asterisk          \r\nuuid_type = call-id                \r\n<\/pre>\n<pre>\r\n# Configure sngrep as a HEP-Server\r\n# \/root\/.sngreprc\r\nset eep.listen on\r\nset eep.listen.address 10.10.10.1\r\nset eep.listen.port 12345\r\nset eep.listen.pass mypassword\r\nset eep.listen.uuid on\r\n<\/pre>\n<p>Now run sngrep and you should see your encrypted SIP-traffic:<\/p>\n<pre>\r\nsngrep -d lo\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>If your SIP traffic is TLS 
encrypted, it becomes impossible to monitor it with nice visual tools like sngrep. sngrep can&#8217;t read the traffic because it normally only has access to the unencrypted SIP traffic on the PBX. The Asterisk module res_hep solves this problem. It plays the old man-in-the-middle game to [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1883,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[227,225],"tags":[],"class_list":["post-2063","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","category-voip"],"_links":{"self":[{"href":"https:\/\/www.daniel-ritter.de\/blog\/wp-json\/wp\/v2\/posts\/2063","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.daniel-ritter.de\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.daniel-ritter.de\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.daniel-ritter.de\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.daniel-ritter.de\/blog\/wp-json\/wp\/v2\/comments?post=2063"}],"version-history":[{"count":3,"href":"https:\/\/www.daniel-ritter.de\/blog\/wp-json\/wp\/v2\/posts\/2063\/revisions"}],"predecessor-version":[{"id":2066,"href":"https:\/\/www.daniel-ritter.de\/blog\/wp-json\/wp\/v2\/posts\/2063\/revisions\/2066"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.daniel-ritter.de\/blog\/wp-json\/wp\/v2\/media\/1883"}],"wp:attachment":[{"href":"https:\/\/www.daniel-ritter.de\/blog\/wp-json\/wp\/v2\/media?parent=2063"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.daniel-ritter.de\/blog\/wp-json\/wp\/v2\/categories?post=2063"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.daniel-ritter.de\/blog\/wp-json\/wp\/v2\/tags?post=2063"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}