Solved

sniffing SIP  caller ID traffic

Posted on 2012-03-12
6
848 Views
Last Modified: 2012-04-11
Background: I recently took over the administration for a small company that has a Cisco Unified Call Manager in place.  I have little exposure to this product.  The phones at the desk are 7692 VOIP phones.  Their data network is 192.168.x.x and their voice traffic is on the 10.x.x.x network.

Problem: We want to see if we can pull SIP Caller ID information and export it to a database for use with a customer service application.  They want to be able to 'pop' caller information to the support rep real time.  They don't want to use the Cisco product that covers this solution due to the cost so I've been tasked with researching a cheaper 3rd party solution to this.

Potential Solution: I'm considering buying cheap hubs to install at each customer rep desks and then adding another NIC to their workstation to sniff traffic.  Then I would hire a programmer to write a program that would sniff packet(s) that contains the caller Id information (I am calling our SIP provider for this information) for export into their customer service database.

My question:  Has anyone done this?  Does this sound like it would work?
0
Comment
Question by:GDavis193
6 Comments
 
LVL 20

Assisted Solution

by:José Méndez
José Méndez earned 250 total points
ID: 37710730
It sounds a little over killed. Why not configuring your topology so that when meeting the right conditions, calls are routed to a server running OpenSIPS for example, where you can do all sorts of things with the SIP signaling, then OpenSIPS would return the call back to CallManager and deliver it to the phone representative.

www.opensips.org
0
 

Author Comment

by:GDavis193
ID: 37710751
I have very limited experience with the Call Manager from Cisco so this routing of packets to an OpenSIPS box would be above my pay grade.  Something on the desk side end would allow me to troubleshoot and fix issues as we implement w/o taking down their entire call system.
0
 
LVL 5

Assisted Solution

by:Frank Mayer
Frank Mayer earned 125 total points
ID: 37714866
Hi,
there should be logfiles for the Callmanger which are generated. It should be possible to
parse them and send a notification to your desired PC. Or you enable a Syslogserver where the Callmanager sends its notification which you can analyze.
Same is true for SNMP. Then you need a description about the supported SNMP notifications and perhaps you can retrieve the desired data.
Perhaps you dont need hubs, when your switch has a Mirrorport built in.
0
Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

 
LVL 20

Assisted Solution

by:José Méndez
José Méndez earned 250 total points
ID: 37715198
Yohei's idea is good. You have the possibility to off load the callmanager traces to an FTP automatically through RTMT, and you can define the type of information to be logged in the traces.

The problem is that traces are far from being real time. And besides, you turn a flexible troubleshooting tool into a production feature. Can't even start imagining the implications of it.

You may try installing Blink (icanblink.com) which is a softphone and has excellent SIP logging capabilities, share the line with the real phone, and have the programmer parse Blink's log for caller ID information. The phone would be used only as a logging entity. Even further, your programmer may develop a third party SIP phone that can register to CUCM and share the desk phone's line, and run in your users computer, so that when it receives a call, it will be answered from the desk phone but the SIP client in the PC will have already gone to the database and picked up the data to display on screen based on the incoming call received.

I still think we are doing it wrong, we could do it from the server side instead. But I wont oppose though.
0
 
LVL 1

Accepted Solution

by:
mikedaddy earned 125 total points
ID: 37758189
I would setup a Mirrorport to dump my LAN side of the cisco call manager to a port. Plug that port into a Linux machine and run some perl code to realtime parse out ngrep:
ngrep -W byline -d eth0 port 5060

Open in new window


The parsing would be the hardest part, but there's probably a lot of info on parsing SIP messages.
0
 

Author Closing Comment

by:GDavis193
ID: 37833142
Appreicate the help
0

Featured Post

Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question