![]() Take the private key and save it on your PC in a filename.key file. First you need the private key used by Kamailio. On VoipNow 3.5, you can find it in /etc/voipnow/certs/ kamailio.pem. ![]() ![]() Otherwise, you won't be able to decrypt the capture. Now we need to tell wireshark how to decode the proto after TLS is done. This file contains the TLS keys in NSS Key Log Format which golang can output and wireshark can consume. For wireshark, we will save the TLS encryption keys to /tmp/keylog.log. Beside the filters, when you're capturing TLS, you need to make sure you capture the SSL handshake between the phone terminal and the VoipNow server. First thing is to setup the client server and wireshark (plase note, use wireshark 3.6.0+.In the capture, t he encoded packets will appear as TLS. In the capture below, we had a call from phone terminal (A) 192.168.1.225 through the VoipNow server (B) at 10.150.20.27 and towards another phone terminal (C) on UDP at 192.168.3.152. As you can see, the part between A and B is missing because it's using TLS, whereas the communication between B and C occurs on UDP and is visible. On the SSL page, choose RSA keys list > Edit > New to create an ssl decrypt. In the navigation tree on the left, choose Protocols > SSL. When you open the capture, you'll see that the TLS part of the call is not even recognized by Wireshark as SIP. Open the file on Wireshark (in the packet capture file that is not decrypted, only the push code stream is displayed.) 2.Tcpdump -nni any -s 0 port 5050 or port 5060 or port 5061 -w /usr/local/voipnow/admin/htdocs/tls.pcap
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |