Sipspy secret file

From Wesip

The idea behind the secrets file (the one specified through the -w switch to SpyAgent) is to let SipSpy be used by different kinds of users.

Imagine a SIP provider that serves several domains, where each domain has its own call center and 1st/2nd level assistance. In that case, the SIP provider would be interested in letting the technical staff of each SIP domain monitor traffic on that node, but only traffic for *their* SIP domain.

This can be enabled by creating a different account for each SIP domain, each with its own username, password, role and meta-regex.

The meta-regex will be matched against the regexp that the user provides.

So if you have the super.com and mega.net domains, your secrets file will look like this:

supertech:weirdpass:user:[0-9]{1-9}@sip.super.com
megatech:funpass:user:[a-z0-9]{1-8}@sip.mega.net

which says: the admin from super.com will be identified with username/password = supertech/weirdpass; his role will be 'user', so he can't change the interface where spyAgent is listening (nor the BPF filter); and the regexp he provides for capturing must be some number of digits, [0-9]{1-9}, and must end with @sip.super.com. This way, you avoid super.com tech staff monitoring traffic of mega.net (yes, when someone from another network calls someone at super.com, he'll be able to see it, but I'm sure you can figure out a regexp to avoid that). If the super.com admin tried to give a regexp like .*@sip.mega.net, he wouldn't be allowed, because it doesn't match his meta-regex!
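
The check described above, sketched in Python as an added example (this is not SipSpy's own code; the function names are hypothetical). It assumes the four colon-separated fields shown in the sample file, and its constructed entries write the repetition count in the comma form {1,9}, which is what Python's re module requires.

```python
import hmac
import re

# Constructed sample in the page's username:password:role:meta-regex layout.
# Assumption: repetition counts use the comma form {1,9} that Python's re needs.
SECRETS = """\
supertech:weirdpass:user:[0-9]{1,9}@sip.super.com
megatech:funpass:user:[a-z0-9]{1,8}@sip.mega.net
"""

def parse_secrets(text):
    """Return {username: (password, role, compiled meta-regex)}."""
    accounts = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        # Split on the first three colons only: the meta-regex may contain ':'.
        parts = line.split(":", 3)
        if len(parts) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields")
        user, password, role, meta = parts
        accounts[user] = (password, role, re.compile(meta))
    return accounts

def authorize_filter(accounts, user, password, capture_regex):
    """True only if the credentials are valid and the capture regex, taken as
    plain text, is matched in full by the account's meta-regex."""
    entry = accounts.get(user)
    if entry is None:
        return False
    stored, _role, meta = entry
    # Constant-time comparison of the stored and supplied passwords.
    if not hmac.compare_digest(stored.encode(), password.encode()):
        return False
    # fullmatch, not search: a partial match would accept any filter that
    # merely contains an allowed pattern somewhere inside it.
    return meta.fullmatch(capture_regex) is not None

ACCOUNTS = parse_secrets(SECRETS)
```

With these entries, supertech is allowed the filter 1234@sip.super.com and refused .*@sip.mega.net, matching the behaviour described above.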


Please see spyAgent's man page for more info, or the source code for even more info.