Hep3

HEP3 tracing; CSDART-8508 / CSDART-6937: SCP and SEPP HEP3 tracing and capture

HEP3 (Homer Encapsulation Protocol Version 3) transmits packets over UDP/TCP/SCTP connections. Each packet starts with the HEP3 header:

The HEP3 header consists of a 4-octet protocol identifier with the fixed value 0x48455033 (ASCII „HEP3“) and a two-octet length value (network byte order). The length value specifies the total packet length including the HEP3 or EEP3 ID, and the length field itself and the payload. It has a possible range of values between 6 and 65535.

After the header, the payload is structured in form of concatenated chunks. Each chunk has the following structure (octet offset relative to the start of the chunk):

The chunk type is identified by a two-octet vendor ID and a two-octet type ID (both in

network byte order). The vendor ID allows for grouping of chunk types for specific vendors (i.e., a vendor can receive a vendor ID and then define chunk type on its own). The chunk length field (network byte order) specifies the total length of the chunk, including the vendor ID, type ID, length and payload fields. In combination, the vendor and type ID fields and the length field allows a HEP3 implementation to skip unknown chunks and continue processing of a HEP3 packet.

The chunk payload depends on the type of the chunk and is defined in the following documentation section, or, for vendor specific chunks, by the vendor that maintains the chunk vendor ID. The following payload types are defined:

https://www.yumpu.com/en/document/read/11926030/hep3-network-protocol-specification-rev-10-2012-sipcaptureorg

HOMER is Packet and Event capture system popular fpr VOIP/RTC Monitoring based on HEP/EEP (Extensible Encapsulation protocol)

https://telecom.altanai.com/2021/09/19/eep-formely-hep-extensible-encapsulation-protocol-with-homer/

https://github.com/sipcapture/HEP

Hi all,

Is there a lightweight tool that can capture HEP and write directly to a PCAP?

I have tried sngrep but it's removing the IP headers.

Thanks

Matthew

https://groups.google.com/g/homer-discuss/c/W7DB9YkZMTc?pli=1

The closest would be Homer's EXPORT and its a UI/API feature, which is near-real time through our database. We have no tools dumping streaming HEP to PCAP as it would not make a lot of sense in our application's context where dumping dumber PCAPs is the last thing we want to do, but thanks to our many HEP code examples in pretty much any programming and scripting language you could grab any PCAP writer library and write one in minutes. Here's a fictional NodeJS example:

var hepjs = require('hep-js');

const pcapw = require('pcap-writer');

var udp = require('udp-packet')

// Initialize a PCAP Writer

const pcapWriter = pcapw.createPcapWriter('file.pcap', 1500, 105);

// Initialize some HEP Socket

var socket = dgram.createSocket('udp4')

socket.on('message', (message) => {

        // Decode HEP3 message

        var decoded = hepjs.decapsulate(message);

        // Convert to Packet and Store in a PCAP

        var packet = udp.encode({

          sourceIp: decoded.rcinfo.srcIp,

          sourcePort: decoded.rcinfo.srcPort,

          destinationIp: decoded.rcinfo.dstIp,

          destinationPort: decoded.rcinfo.dstPort,

          data: Buffer(decoded.payload)

        })

        pcapWriter.writePacket(packet);

})

socket.bind(9060, '0.0.0.0'); 

We already have quite a few examples similar in nature on our github and npm packages, feel free to look around and adjust to your needs!

If you get stuck or cannot assemble this yourself, consider opening a Feature Request on the HOMER Issue Tracker and someone else might help.