Tls

From VoIPmonitor.org
Revision as of 23:01, 5 December 2014 by Festr (talk | contribs) (Created page with "Since version 11 VoIPmonitor sniffer is able to decode and decrypt TLS SIP protocol by providing private key. Currently the code is in GIT develop branch and here is staticall...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Since version 11 VoIPmonitor sniffer is able to decode and decrypt TLS SIP protocol by providing private key. Currently the code is in GIT develop branch and here is statically beta version 64bit which should run on any >= 2.6.18 linux.

Decrypted SIP packets are converted to virtual UDP packets with the same ethernet headers replacing the IP TCP layer with UDP so you will not see the TCP stream in stored pcap files.

TLS feature is still in beta - if you will have any problems which are reproducible we need to see pcap file with the TLS packets (no need for RTP) and of course the private key.

Please note that TLS where cipher suite is set to Diffie–Hellman key exchange is not possible to decode in any way. It is possible only if your software (PBX/SBC) is storing key for each TLS session but still this feature is not supported. The only solution is to change the cipher suite to use anything but the diffie hellman cipher suites.


Download

Link to beta version: http://download.voipmonitor.org/voipmonitor-tls

Or compile from source (git develop branch)

Configuration

add to the voipmonitor.conf

ssl_ipport = 10.0.0.1 : 5061 /etc/private.key

where 10.0.0.1 is server with TLS port 5061. Private key is in /etc/private.key and it is in PEM format (starting with -----BEGIN RSA PRIVATE KEY-----)