We have an Asterisk (18.5.1) deployment that has traditionally used UDP for SIP / RTP communications with our customers SIP phones.
To assist them when there are problems, we typically run a network trace (tcpdump) on the Asterisk server and then use Wireshark to review the network flow / headers / etc.
We have now deployed a WebRTC client using secure WebSockets, as per:
We are now having problems performing the same network tracing capabilities.
The first issue I hit was decrypting the TLS 1.3 packets. Eventually I found this tool:
which enables us to collect the keys required by Wireshark.
My first two questions are:
- Does Asterisk have any native debugging option for collecting the keys, rather than having to preload the tool?
- With the keys collected, Wireshark decrypts the packets sent from Asterisk to the client, but from the client to Asterisk. Is this expected, and is there any way to decrypt the packets sent from the client and collected in the trace on the server (Note : we have no way to run a trace on the client)?
Although I can only decrypt half the conversation, I can effectively see the SIP traffic for a call being initiated from the client.
When the media starts to flow, the packets in Wireshark show as RTP not SRTP. Shouldn’t the “webrtc=yes” option on the endpoint definition enforce media encryption (which I assume is SRTP)?
Lastly, when using Asterisk with WebRTC, what defines the port to be used in the SDP header Media Descriptions (“m=”) on the INVITE?:
Please note that WebRTC is all new to me, and I’m not really a network specialist, so apologies if some of the terms I’ve used are incorrect.
Thanks in advance.