Quality Management Suite

 


SIP PBX Type

 

QMS Call Recording records and monitors telephone calls by sniffing packets traversing across the data network. Packet sniffing is achieved by enabling port mirroring on a data switch and feeding the mirrored port of that switch to the Sniffing port on the QMS Call Recording Server. Port Mirroring is supported by most data switches and when enabled will send a copy of every packet destined for one port to another port.  For more information on port mirroring, click here.

SIP, Session Initiated Protocol, is a signaling protocol, widely used for controlling voice communication sessions. SIP is an application layer protocol that can utilize either TCP or UDP, SCTP and others.

SIP is employed within many PBX’s, such as Asterisks and Zultys, and is also utilized by “Cloud” service providers. In these cases, SIP packets are presented to us on a separate Sniffing port along with the voice payload as UDP packets.

 

QMS Server Setup & Configuration

Working in a SIP port mirroring environment, the QMS Call Recording Server must have 2 NIC's.  The primary NIC for a LAN connection must have a static IP address.  The second NIC used as the sniffing port, must have the tcp/ip properities unchecked in the NIC properties.

Verify the NIC properties by going to Control Panel > Network & Internet > Network Sharing Center > Change Adapter Settings.

The illustration below shows the Properties page.  For the LAN NIC, uncheck Internet Protocol Version 6.  For the Sniffer NIC, uncheck both Internet Protocol Version 6 and Version 4.

 

The only other SIP port-mirroring-specific thing that you need to do, is to set the PBX type in QMS Call Recording Server.  Login to QMS Call Recording and click on the Services button on the left menu.  The Services page will open.  Highlight the service and click edit.  This will give you the option to select the correct PBX type.  Select SIP as the PBX type.  Make sure that you save the changes.


Packet Capturing:

SIP is the Call Control Protocol.  It provides the QMS Call Recording Server with information about the start of the call, end of the call, Call ID and Caller ID information and more.

Voice traffic will appear as UDP packets. When decoded as RTP packets, you will be able to see the Codec and Audio Compression Protocol ex: G711; G729 etc.

When you do a packet capture what you should see are a series of SIP packets followed by the audio payload followed by more SIP packets.


SIP Configuation Settings

The following configuration options are made in the CallRecordingService.exe.Config file.

EnableSipDHCPOnRegister  true= Enable   false =  Disable      This is used when QMS does not pickup the IP address of an agent's phone automatically.

EnableLoggingRawSIPMessages  true = Enable   false = Disable    This is used to provide deeper logging to assist in troubleshooting problems.  It logs the headerlines from the sniffed message.   This should be turned on for testing only and must be turned off as it will generate large logs.

EnableLoggingParsedSIPMessages true = Enable   false = Disable    This is used to provide deeper logging to assist in troubleshooting problems.   This logs the values that the recording service parses from the sniffed message.  This should be turned on for testing only and must be turned off as it will generate large logs.

They should be placed in the 'Control' section between <CallRex> and </CallRex>

Example:

 <CallRex>
<System MessagingChannel="d258861f-1a90-4fc7-9921-4b9d77ba20a7"
SniffingCard="05b65fd8-2c2a-4673-8f71-f79d3d0c445a" />
<Recording ServiceID="f305ec04-a204-4b41-8437-175a04e72db1" LastConversionTime="02/26/2015 11:04:20" />
<Control EnableSipDHCPOnRegister="true" VLanEnabled="true" />
<Tsapi />
<Tapi />
</CallRex>

 

How to Capture:

1. Open Wireshark

2. On the TOP menu, Click Capture > Interfaces

3. Click on the Start button next to the Sniffer Interface

4. Place the test call, talk for 15 seconds and then hangup

5. Click Capture > Stop

6. In the Filter field atop WireShark enter ip.addr==192.168.12.100 and hit enter

(Note the 2 = signs)  (Note: input the actual IP address of the test extension)

7. Depending on the size of the capture, it may take several minutes to filter through and

provide you with the capture you are looking for.

8. In figure 1, you can see the beginning of a call; first the SIP packets and then the UDP packets which are shown decoded as RTP.


9. The SIP packets display messages that are interpreted by the CallRex Server. Most of these messages are readable.

Ex: Ringing. Notify, Register, Invite etc.

And while we do not need to know exactly what they mean, their presence is what is important. The above string of SIP packets indicate an Incoming call. In many cases, these packets will be repeated.

11. Here (below) is the end of a call.  Notice the BYE message.



13. Insure that the proper Codec is being used to encapsulate the voice traffic. On Wireshark, right click on one of the UDP packets.

Select Decode As from the drop down menu. Scroll down to RTP and click OK. It may take a few minutes to re-filter through.

The end result will be to re-filter the UDP packets into RTP packets which will clearly show the Codec. In this case the Codec displayed is G711.

 

Notes

 

Normally SIP arrives on port 5060.  On rare occasions, it might be some other port.  If you encounter this, take the capture filter from the call control log then change the default 5060 to the port they are using.  Use the config option CCFilter, then insert the entire filter as the value.  Restart services

 

 Return to Main Page