<p dir="ltr">Hi Bogdan,</p>
<p dir="ltr">I used the tshark command as explained here on page 14: <a href="http://opensips.org/pub/events/2015-05-12_OpenSIPS-Summit_Amsterdam/Lorenzo_Mangani-OpenSIPS_Summit2015-SIPCapture.pdf"> http://opensips.org/pub/events/2015-05-12_OpenSIPS-Summit_Amsterdam/Lorenzo_</a><a href="http://opensips.org/pub/events/2015-05-12_OpenSIPS-Summit_Amsterdam/Lorenzo_Mangani-OpenSIPS_Summit2015-SIPCapture.pdf">Mangani-OpenSIPS</a><a href="http://opensips.org/pub/events/2015-05-12_OpenSIPS-Summit_Amsterdam/Lorenzo_Mangani-OpenSIPS_Summit2015-SIPCapture.pdf">_</a><a href="http://opensips.org/pub/events/2015-05-12_OpenSIPS-Summit_Amsterdam/Lorenzo_Mangani-OpenSIPS_Summit2015-SIPCapture.pdf">Summit2015-SIPCapture.pdf</a></p>
<p dir="ltr">tshark -o "ssl.desegment_ssl_records: TRUE" -o "ssl.desegment_ssl_application_data: TRUE" -o "ssl.keys_list: 162.249.6.110,5061,sip,/install/tls/domain.com-key.pem" -i eth0 -f "tcp port 5061"</p>
<p dir="ltr">I'm using a command line version of Linux without a graphic UI, so I could not "configure Wireshark to decide TLS" as mentioned in that document, however I did pass the private key in the command as shown above.</p>
<p dir="ltr">Does tshark require configuring to decode TLS, other than passing the private key in the command? </p>
<div class="gmail_quot<blockquote class=" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<tt>Hi Nabeel,<br>
<br>
Indeed, the 408 seems generated by OpenSIPS (after 5 seconds).
Such reply is generated only if the the request was actually sent
out (if no request sent, there is no timeout). But the network
capture does not show anything :( ... maybe wrong capturing ?<br>
<br>
So you see anything in the logs ? have you tried to run with debug
level 4 ?<br>
<br>
Regards,<br>
</tt>
<pre cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a href="http://www.opensips-solutions.com" target="_blank">http://www.opensips-solutions.com</a></pre>
<div>On 06.01.2016 23:07, Nabeel wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_extra">I managed to capture the SIP traffic
with Wireshark. It seems that the party generating the 408
reply is OpenSIPS, not the callee. OpenSIPS does not seem to
forward the call to the callee at all.</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">Below are traces showing a successful
call and a call with Request Timeout. </div>
<div class="gmail_extra">The server IP is <span>162.249.6.110,</span> the
caller IP is <span>92.40.249.9</span><span><font color="#000000">, </font></span>and the callee IP is <span>188.29.165.24</span>.</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">Trace for a successful call:</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra"><a href="http://pastebin.com/2xn0bkEU" target="_blank">http://pastebin.com/2xn0bkEU</a><br>
</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">Trace for a call with Request Timeout:</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra"><a href="http://pastebin.com/WR7BA6pj" target="_blank">http://pastebin.com/WR7BA6pj</a><br>
</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">Please advise what may be causing this.</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra"><br>
</div>
</div>
</blockquote>
<br>
</div>
</div>