Solved

sniffing SIP  caller ID traffic

Posted on 2012-03-12
6
819 Views
Last Modified: 2012-04-11
Background: I recently took over the administration for a small company that has a Cisco Unified Call Manager in place.  I have little exposure to this product.  The phones at the desk are 7692 VOIP phones.  Their data network is 192.168.x.x and their voice traffic is on the 10.x.x.x network.

Problem: We want to see if we can pull SIP Caller ID information and export it to a database for use with a customer service application.  They want to be able to 'pop' caller information to the support rep real time.  They don't want to use the Cisco product that covers this solution due to the cost so I've been tasked with researching a cheaper 3rd party solution to this.

Potential Solution: I'm considering buying cheap hubs to install at each customer rep desks and then adding another NIC to their workstation to sniff traffic.  Then I would hire a programmer to write a program that would sniff packet(s) that contains the caller Id information (I am calling our SIP provider for this information) for export into their customer service database.

My question:  Has anyone done this?  Does this sound like it would work?
0
Comment
Question by:GDavis193
6 Comments
 
LVL 20

Assisted Solution

by:José Méndez
José Méndez earned 250 total points
Comment Utility
It sounds a little over killed. Why not configuring your topology so that when meeting the right conditions, calls are routed to a server running OpenSIPS for example, where you can do all sorts of things with the SIP signaling, then OpenSIPS would return the call back to CallManager and deliver it to the phone representative.

www.opensips.org
0
 

Author Comment

by:GDavis193
Comment Utility
I have very limited experience with the Call Manager from Cisco so this routing of packets to an OpenSIPS box would be above my pay grade.  Something on the desk side end would allow me to troubleshoot and fix issues as we implement w/o taking down their entire call system.
0
 
LVL 5

Assisted Solution

by:Yohei0815
Yohei0815 earned 125 total points
Comment Utility
Hi,
there should be logfiles for the Callmanger which are generated. It should be possible to
parse them and send a notification to your desired PC. Or you enable a Syslogserver where the Callmanager sends its notification which you can analyze.
Same is true for SNMP. Then you need a description about the supported SNMP notifications and perhaps you can retrieve the desired data.
Perhaps you dont need hubs, when your switch has a Mirrorport built in.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 20

Assisted Solution

by:José Méndez
José Méndez earned 250 total points
Comment Utility
Yohei's idea is good. You have the possibility to off load the callmanager traces to an FTP automatically through RTMT, and you can define the type of information to be logged in the traces.

The problem is that traces are far from being real time. And besides, you turn a flexible troubleshooting tool into a production feature. Can't even start imagining the implications of it.

You may try installing Blink (icanblink.com) which is a softphone and has excellent SIP logging capabilities, share the line with the real phone, and have the programmer parse Blink's log for caller ID information. The phone would be used only as a logging entity. Even further, your programmer may develop a third party SIP phone that can register to CUCM and share the desk phone's line, and run in your users computer, so that when it receives a call, it will be answered from the desk phone but the SIP client in the PC will have already gone to the database and picked up the data to display on screen based on the incoming call received.

I still think we are doing it wrong, we could do it from the server side instead. But I wont oppose though.
0
 
LVL 1

Accepted Solution

by:
mikedaddy earned 125 total points
Comment Utility
I would setup a Mirrorport to dump my LAN side of the cisco call manager to a port. Plug that port into a Linux machine and run some perl code to realtime parse out ngrep:
ngrep -W byline -d eth0 port 5060

Open in new window


The parsing would be the hardest part, but there's probably a lot of info on parsing SIP messages.
0
 

Author Closing Comment

by:GDavis193
Comment Utility
Appreicate the help
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

SSL is a very common protocol used these days when browsing the web.  The purpose is to provide security to communication, but how does it do it?  There are several pieces at work that have to be setup before SSL will even work and it requires both …
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now