System and Network Management

 View Only
  • 1.  Decrypted, SIPs, TLS 1.3, SRTP, PCAP, Packet Capture, Wireshark

    Posted 29 days ago

    Hello,

    I work for the State of MA VoIP team and we are required to use TLS 1.3 for most of our agencies the one issue that it causes is the added complexity of troubleshooting calls. So I'm looking to see if it's possible to get the private key from a vendor's cloud SBC R10.1.x environment so I can decrypt the calls so we can see all of the packets and hear the calls we are testing.

    I'm mainly looking for traffic between our SBC's and Avaya Workplace 3.35.x Softphones, but it would be helpful to be able to do the same between our session managers and our headphones as well.

    I already set the environment variable and have the session keys logging to a file that I added to the TLS(SSL) protocol properties dialog, I'm just not sure how to get the private keys and if they just go in the same properties or if there are other settings I need to change as well.



    ------------------------------
    Raymond Fortier
    Sr. UC VoIP Engineer
    Executive Office of Technology Services & Security
    Chelsea MA
    ------------------------------


  • 2.  RE: Decrypted, SIPs, TLS 1.3, SRTP, PCAP, Packet Capture, Wireshark

    Posted 12 days ago

    It would be very unusual for a company to give you the private keys of a device you don't own.  Heck, even extracting the private keys from devices you do own is not often trivial.

    If it's hosted, an Avaya SBCE, and they give you login access to it, use the "traceSBC" tool so you can see the decrypted SIP traffic in transit.  If they are using another branded SBC they may have a similar tool or may just not allow you to get access to that encrypted traffic.



    ------------------------------
    Nick Kwiatkowski
    Director of Design and Engineering
    Michigan State University
    East Lansing MI
    ------------------------------



  • 3.  RE: Decrypted, SIPs, TLS 1.3, SRTP, PCAP, Packet Capture, Wireshark

    Posted 12 days ago

    Thank you, Nick,

    Part of the contract was to allow us access to the system as needed.

    I haven't been in a situation where I've needed to use "traceSBC" in a long time (R5), just normally use wireshark from from the desktop end of the call and our vendor would get it from the SBC, but will ask about getting access to it and relearn how to use it.

    Would it only give me the point of view from the SBC or would I also be able to pull up and see the packets from the end point's point of view?

    Thanks,

    Ray



    ------------------------------
    Raymond Fortier
    Sr. Unified Communications Engineer
    Executive Office of Technology Services & Security
    Chelsea MA
    ------------------------------



  • 4.  RE: Decrypted, SIPs, TLS 1.3, SRTP, PCAP, Packet Capture, Wireshark

    Posted 12 days ago

    You would only see the traffic from the SBC's view -- but there shouldn't really be anything between the endpoint and the SBC on the workplace side.  Same if you are using that SBC for trunking -- it should be the last thing in line before the packet is out of your control.

    The other nice thing about the SBC is that in addition to just showing the raw SIP packets, it can also tell you what ports the RTP traffic is on, what media is negotiated, etc., in a pretty nice, clean view.  Since it would mediate PPM data, it brings that into the view as well and gives you an idea of what is being transmitted across to the softphone.



    ------------------------------
    Nick Kwiatkowski
    Director of Design and Engineering
    Michigan State University
    East Lansing MI
    ------------------------------