Menu Close

Tools for a quick SIP diagnostics – ngrep, sipgrep and sngrep

Sometimes there is a need for simple and quick analysis of a SIP server and its call functions. Of course, we should use the well-known tcpdump, mentioned in the article Using tcpdump for SIP diagnostics. However, for some occasional Linux users this may be too difficult and unclear. But actually there exist some simpler utilities, that could work fine, as ngrep, and for me newer, sipgrep and sngrep (love at first sight).

All utils are directly available and can be installed online from Debian repo using apt-get install ngrep sipgrep sngrep.

SIP clients – security features analysis

Table provides the overview of security features of nine analysed open-source SIP clients (some sources call them the RTC communicator).

Source: P. Segeč, M. Moravčík, J. Hrabovský, J. Papán and J. Uramová, “Securing SIP infrastructures with PKI — The analysis,” 2017 15th International Conference on Emerging eLearning Technologies and Applications (ICETA), Stary Smokovec, 2017, pp. 1-8.
doi: 10.1109/ICETA.2017.8102525
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?rp=&arnumber=8102525&isnumber=8102457

Enabling USB Wi-Fi dongle adapter on VirtualBox VM

When we have Wi-Fi adapter in our PC, we may use it as a network interface of VM, but the VM will recognize it just as another wired interface. But there is possibility to connect an USB Wi-Fi dongle adapter and enable it to the VM. VM then will see dongle as native USB Wi-Fi adapter and it allows to work with WiFi networks natively.

For example, we have the TP-LINK Archer T2UH USB dongle, Windows 10 as base system, Lubuntu 19.04 as the virtual machine and VirtualBox 6.0.8.

Set language on Cisco SPA 502G

This post is relevant to all Cicso SPA phones, which have “G” letter in their names. “G” means global (that you can put there languages), not gigabit ethernet (all phones have 100 Mbps interfaces).

First of all, you need to download language files from cisco support page. They are XML files and look like “spa50x_30x_en_v756.xml”. This is for english language. Important is, that you must have two files – for your desired language and for english language. Then set up TFTP server and put there files.

Problem with a VoIP phone behind NAT – disabling FortiGate SIP ALG

Initial state and observed problems

Observed problems

We had observed a problem, where a SIP phone is registering, but the AOR record indicates, that as a Contact IP address the incorrect and strange private IP address is used. As is shown on following listing:

voip*CLI> pjsip show aor 1765
   Aor:  <Aor..............................................>  <MaxContact>
     Contact:     
   Aor:  1765                                                 1 Contact:  1765/sip:1765@10.16.42.46:65476              f123d14d1c NonQual         nan
 ParameterName        : ParameterValue
  =================================================
  authenticate_qualify : false
  contact              : sip:1765@10.16.42.46:65476
  default_expiration   : 7200
  mailboxes            :
  max_contacts         : 1
  maximum_expiration   : 7200
  minimum_expiration   : 60
  outbound_proxy       :
  qualify_frequency    : 0
  qualify_timeout      : 3.000000
  remove_existing      : true
  support_path         : false
  voicemail_extension  :

This cause a problem, where incoming phone calls (call on 1765 number) are not reaching the SIP phone. We had tried to solve the situations on the phone only modifying its NAT configuration and using STUN, but with no success. Then we setup the lab with two Cisco NAT to simulate the topo. It works perfectly. This indicate on a problem with the Fortigate firewall. Several posts indicates that it could be the SIP ALG problem, which is on Fortigate devices turned on by default and it modifies SIP messages.

Moloch Upgrade

Moloch Upgrade

  • Authors: Tomáš Mokoš, Miroslav Kohútik

Upgrading Moloch to the latest version is not possible from all versions. Some older versions require installation of newer versions in an exact order.

Upgrading to Moloch 1.1.0

The oldest version of Moloch we have had in active use was version 0.50.
Upgrading Moloch from version 0.50 to version 1.0 and higher requires reindexing of all session data due to the large changes introduced in version 1.0. Reindexing is done in the background after upgrading, so there is little downtime before the server is back online.