Solved

sniffing SIP  caller ID traffic

Posted on 2012-03-12
6
830 Views
Last Modified: 2012-04-11
Background: I recently took over the administration for a small company that has a Cisco Unified Call Manager in place.  I have little exposure to this product.  The phones at the desk are 7692 VOIP phones.  Their data network is 192.168.x.x and their voice traffic is on the 10.x.x.x network.

Problem: We want to see if we can pull SIP Caller ID information and export it to a database for use with a customer service application.  They want to be able to 'pop' caller information to the support rep real time.  They don't want to use the Cisco product that covers this solution due to the cost so I've been tasked with researching a cheaper 3rd party solution to this.

Potential Solution: I'm considering buying cheap hubs to install at each customer rep desks and then adding another NIC to their workstation to sniff traffic.  Then I would hire a programmer to write a program that would sniff packet(s) that contains the caller Id information (I am calling our SIP provider for this information) for export into their customer service database.

My question:  Has anyone done this?  Does this sound like it would work?
0
Comment
Question by:GDavis193
6 Comments
 
LVL 20

Assisted Solution

by:José Méndez
José Méndez earned 250 total points
ID: 37710730
It sounds a little over killed. Why not configuring your topology so that when meeting the right conditions, calls are routed to a server running OpenSIPS for example, where you can do all sorts of things with the SIP signaling, then OpenSIPS would return the call back to CallManager and deliver it to the phone representative.

www.opensips.org
0
 

Author Comment

by:GDavis193
ID: 37710751
I have very limited experience with the Call Manager from Cisco so this routing of packets to an OpenSIPS box would be above my pay grade.  Something on the desk side end would allow me to troubleshoot and fix issues as we implement w/o taking down their entire call system.
0
 
LVL 5

Assisted Solution

by:Frank Mayer
Frank Mayer earned 125 total points
ID: 37714866
Hi,
there should be logfiles for the Callmanger which are generated. It should be possible to
parse them and send a notification to your desired PC. Or you enable a Syslogserver where the Callmanager sends its notification which you can analyze.
Same is true for SNMP. Then you need a description about the supported SNMP notifications and perhaps you can retrieve the desired data.
Perhaps you dont need hubs, when your switch has a Mirrorport built in.
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 
LVL 20

Assisted Solution

by:José Méndez
José Méndez earned 250 total points
ID: 37715198
Yohei's idea is good. You have the possibility to off load the callmanager traces to an FTP automatically through RTMT, and you can define the type of information to be logged in the traces.

The problem is that traces are far from being real time. And besides, you turn a flexible troubleshooting tool into a production feature. Can't even start imagining the implications of it.

You may try installing Blink (icanblink.com) which is a softphone and has excellent SIP logging capabilities, share the line with the real phone, and have the programmer parse Blink's log for caller ID information. The phone would be used only as a logging entity. Even further, your programmer may develop a third party SIP phone that can register to CUCM and share the desk phone's line, and run in your users computer, so that when it receives a call, it will be answered from the desk phone but the SIP client in the PC will have already gone to the database and picked up the data to display on screen based on the incoming call received.

I still think we are doing it wrong, we could do it from the server side instead. But I wont oppose though.
0
 
LVL 1

Accepted Solution

by:
mikedaddy earned 125 total points
ID: 37758189
I would setup a Mirrorport to dump my LAN side of the cisco call manager to a port. Plug that port into a Linux machine and run some perl code to realtime parse out ngrep:
ngrep -W byline -d eth0 port 5060

Open in new window


The parsing would be the hardest part, but there's probably a lot of info on parsing SIP messages.
0
 

Author Closing Comment

by:GDavis193
ID: 37833142
Appreicate the help
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now