Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

sniffing SIP  caller ID traffic

Posted on 2012-03-12
6
Medium Priority
?
886 Views
Last Modified: 2012-04-11
Background: I recently took over the administration for a small company that has a Cisco Unified Call Manager in place.  I have little exposure to this product.  The phones at the desk are 7692 VOIP phones.  Their data network is 192.168.x.x and their voice traffic is on the 10.x.x.x network.

Problem: We want to see if we can pull SIP Caller ID information and export it to a database for use with a customer service application.  They want to be able to 'pop' caller information to the support rep real time.  They don't want to use the Cisco product that covers this solution due to the cost so I've been tasked with researching a cheaper 3rd party solution to this.

Potential Solution: I'm considering buying cheap hubs to install at each customer rep desks and then adding another NIC to their workstation to sniff traffic.  Then I would hire a programmer to write a program that would sniff packet(s) that contains the caller Id information (I am calling our SIP provider for this information) for export into their customer service database.

My question:  Has anyone done this?  Does this sound like it would work?
0
Comment
Question by:GDavis193
6 Comments
 
LVL 20

Assisted Solution

by:José Méndez
José Méndez earned 750 total points
ID: 37710730
It sounds a little over killed. Why not configuring your topology so that when meeting the right conditions, calls are routed to a server running OpenSIPS for example, where you can do all sorts of things with the SIP signaling, then OpenSIPS would return the call back to CallManager and deliver it to the phone representative.

www.opensips.org
0
 

Author Comment

by:GDavis193
ID: 37710751
I have very limited experience with the Call Manager from Cisco so this routing of packets to an OpenSIPS box would be above my pay grade.  Something on the desk side end would allow me to troubleshoot and fix issues as we implement w/o taking down their entire call system.
0
 
LVL 5

Assisted Solution

by:Frank Mayer
Frank Mayer earned 375 total points
ID: 37714866
Hi,
there should be logfiles for the Callmanger which are generated. It should be possible to
parse them and send a notification to your desired PC. Or you enable a Syslogserver where the Callmanager sends its notification which you can analyze.
Same is true for SNMP. Then you need a description about the supported SNMP notifications and perhaps you can retrieve the desired data.
Perhaps you dont need hubs, when your switch has a Mirrorport built in.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 20

Assisted Solution

by:José Méndez
José Méndez earned 750 total points
ID: 37715198
Yohei's idea is good. You have the possibility to off load the callmanager traces to an FTP automatically through RTMT, and you can define the type of information to be logged in the traces.

The problem is that traces are far from being real time. And besides, you turn a flexible troubleshooting tool into a production feature. Can't even start imagining the implications of it.

You may try installing Blink (icanblink.com) which is a softphone and has excellent SIP logging capabilities, share the line with the real phone, and have the programmer parse Blink's log for caller ID information. The phone would be used only as a logging entity. Even further, your programmer may develop a third party SIP phone that can register to CUCM and share the desk phone's line, and run in your users computer, so that when it receives a call, it will be answered from the desk phone but the SIP client in the PC will have already gone to the database and picked up the data to display on screen based on the incoming call received.

I still think we are doing it wrong, we could do it from the server side instead. But I wont oppose though.
0
 
LVL 1

Accepted Solution

by:
mikedaddy earned 375 total points
ID: 37758189
I would setup a Mirrorport to dump my LAN side of the cisco call manager to a port. Plug that port into a Linux machine and run some perl code to realtime parse out ngrep:
ngrep -W byline -d eth0 port 5060

Open in new window


The parsing would be the hardest part, but there's probably a lot of info on parsing SIP messages.
0
 

Author Closing Comment

by:GDavis193
ID: 37833142
Appreicate the help
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Why do some people recommend buying business VoIP from an ISP? What are the benefits to my company? What are the costs?
This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Suggested Courses

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question