IP Office

Free IP Office SMDR Server

IP Office has the ability to send SMDR info by default, FOR FREE!  You just need something to grab the info….

Quick Links:

  1. How to access IP Office for Basic SMDR
  2. Background Information
  3. Installing NCAT
  4. Overview
  5. NCAT Installation
  6. Configure IP Office
  7. Create a Batch File to start listening on the Port
  8. How to access IP Office for Basic SMDR
  9. Create a Batch File to End NCAT
  10. Test your Files
  11. Creating Scheduled Tasks
  12. Test your Task schedule
  13. Appendix A
  14. Sample Batch Files
  15. Sample Task Scheduler Files

How to access IP Office for Basic SMDR

The purpose of this document is to provide guidelines for configuring IP Office and a PC to be able to receive basic SMDR information that can be accessed using an application that can view / open a .CSV File.

By default, IP Office provides the ability to retrieve RAW SMDR information. This document will explain how to use an open source application called NCAT to listen for SMDR transmissions from the IP Office and write the records to a .CSV file format.

If there are multiple systems in a single network, either all records may be written to a single file and would then need to be sorted by the IP Address or the system, or multiple instances of NCAT could be used, and different ports and file names would need to be configured on the IP Office and NCAT.

If sophisticated reports are required, then this is not a replacement for a proper call accounting application. This tool provides RAW data, but can be useful when trying to identify who dialed an emergency number, or information related to a call that may have been malicious in nature.

 

Background Information

In this document we will be discussing running NCAT and killing NCAT using Windows Task Scheduler at specific times of day, and the reason may not be immediately apparent. Here's why.

Technically you could leave NCAT running 24/7, however there would be no mechanism to control the size of the file or the file names, so you would end up with one huge file with months and months of data. You could instead leave NCAT running all day, use the Task Scheduler to kill the app at midnight, and then start a new session a minute later that creates a file with a new file name. That would also work. What we are going to do here, though, is schedule NCAT to run for only an hour or so per day to allow the IP Office to download all of its records, and then close NCAT. There is no right or wrong way, and it is up to you to decide what works best for you.

If you are going to run once a day, there is one very important thing to note: the IP Office will only retry sending the buffered records if there is activity on the system. If, for instance, you decide to run NCAT at 11pm when no one is around and there is zero activity on the system, chances are you won't retrieve the records, so make sure you schedule the task to run when you know that there will be activity on the system. Make sure that you schedule the kill task to run at least 30+ minutes (at least 1 hour is recommended) after the start, to allow for both activity and time to download the records.

While NCAT may be run manually using a Command Prompt, for the sake of this exercise we will be using a .BAT file that can then be called from the Task Scheduler.

 

Installing NCAT

Overview

Ncat (https://nmap.org/ncat/) is a feature-packed networking utility which reads and writes data across networks from the command line. It uses both TCP and UDP for communication and is designed to be a reliable back-end tool to instantly provide network connectivity to other applications and users.

Ncat is bundled with NMAP (https://nmap.org/), which is a free and open source utility that is often used for network discovery and security auditing.

However, you do not need to install all components with the NMAP Installer. The minimum application needed to be installed is NCAT.

NMAP is available in both Windows and Linux distribution options, however we will only cover a Windows Implementation in this guide.

Download the latest stable Windows Self installer from the NMAP website. https://nmap.org/download.html

NCAT Installation

  1. Run the Installer on the Windows PC that will be configured to listen for the SMDR records. Accept the License agreement
  2. Uncheck any options that are not required for your instance. NCAT is the minimum required application and possibly the Update application
  3. Choose the installation folder or accept the default. Further configuration instructions in this document assume that the default directory is used
  4. Select Next once the install is complete
  5. Select Finish to close the installer

Configure IP Office

To collect records, the IP Office MUST have first been configured to capture SMDR logs.

Open IP Office using Manager or Web Manager and Navigate to the System – SMDR Field

  1. Complete the following
    1. Enable SMDR Only in the Output drop down
    2. Configure the IP Address of the PC that will listen for SMDR records
    3. Define the TCP port that NCAT will be listening on at the PC
    4. Set the desired number of records to buffer. In the example below, we selected 3000 which is the maximum supported.

Create a Batch File to start listening on the Port

To allow for NCAT to be run from a Task Scheduler we will be creating a batch file that the Task Scheduler can then call. Technically you could have NCAT called directly from the Task Scheduler, however it then won’t be possible to define the date and time in the file name.

In most cases Windows requires some of these commands to be run with Admin privileges so the batch file is going to do more than just start Ncat and listen on the applicable port.

  1. Here is a list of everything that the batch file will be doing
    1. Elevate Permissions
    2. Check if an SMDR directory is present on the C Drive and if not create one
    3. Add the necessary Windows Firewall Rules to open the port
    4. Determine the Date and Time
    5. Scan the SMDR directory and delete any files that are older than 90 days
    6. Start Ncat and create a new file in the C:\SMDR directory and append the date and time the file was created to the .csv file.
  2. Any of the parameters listed above may be changed but remember in some cases the changes need to be made in multiple places in the file.
    1. Headings in Red are Commented out but there to explain what is happening at this point in the file
    2. Highlight Yellow – If you change the port or directory etc then make sure it is changed in all places
    3. Highlight Green – If one PC is going to listen to multiple systems, then change the file name to represent the correct system.

Remember, if you are going to listen to two systems, you will need 2 x Batch files, and at minimum make sure that the second file is using an alternate port. Instead of using different file names, you could also create different directories instead… be consistent.

  1. Copy the content of the box below, paste it into a Word editor and make any changes needed for your implementation. Save the File as SMDR_Collector.bat. If there are multiple files, replace SMDR with the system Name. Try saving the file as close to the root of your drive as possible, i.e. C:\SMDR-Collector.bat

```bat
::::::::::::::::::::::::::::::::::::::::::::
:: Automatically check & get admin rights
::::::::::::::::::::::::::::::::::::::::::::
@echo off
CLS
ECHO.
ECHO =============================
ECHO Running Admin shell
ECHO =============================

:init
setlocal DisableDelayedExpansion
set "batchPath=%~0"
for %%k in (%0) do set batchName=%%~nk
set "vbsGetPrivileges=%temp%\OEgetPriv_%batchName%.vbs"
setlocal EnableDelayedExpansion

:checkPrivileges
:: NET FILE only succeeds in an elevated shell, so it doubles as an admin check
NET FILE 1>NUL 2>NUL
if '%errorlevel%' == '0' ( goto gotPrivileges ) else ( goto getPrivileges )

:getPrivileges
if '%1'=='ELEV' (echo ELEV & shift /1 & goto gotPrivileges)
ECHO.
ECHO **************************************
ECHO Invoking UAC for Privilege Escalation
ECHO **************************************

:: Write a small VBScript that relaunches this batch file with "runas"
ECHO Set UAC = CreateObject^("Shell.Application"^) > "%vbsGetPrivileges%"
ECHO args = "ELEV " >> "%vbsGetPrivileges%"
ECHO For Each strArg in WScript.Arguments >> "%vbsGetPrivileges%"
ECHO args = args ^& strArg ^& " " >> "%vbsGetPrivileges%"
ECHO Next >> "%vbsGetPrivileges%"
ECHO UAC.ShellExecute "!batchPath!", args, "", "runas", 1 >> "%vbsGetPrivileges%"
"%SystemRoot%\System32\WScript.exe" "%vbsGetPrivileges%" %*
exit /B

:gotPrivileges
setlocal & pushd .
cd /d %~dp0
if '%1'=='ELEV' (del "%vbsGetPrivileges%" 1>nul 2>nul & shift /1)

::::::::::::::::::::::::::::
::START
::::::::::::::::::::::::::::

:: Check Whether Folder to Store Files Exists
IF EXIST C:\SMDR goto _next
mkdir C:\SMDR
goto _next

:_next

:_OldFiles
:: SCAN for Files older than 90 days and Delete them
forfiles /p "C:\SMDR" /s /d -90 /c "cmd /c del @file"

:_Firewall
Echo Setting Firewall Port

:: -----------------------------------------------
:: Open Port 6969 TCP on Windows Firewall
:: Note: this rule accepts connections to the port from any remote address
:: -----------------------------------------------

REM RULE - Look for Added Rules
set RULENAME="Avaya SMDR 6969 TCP"
set PORTNUMBER="6969"

netsh advfirewall firewall show rule name=%RULENAME% >nul
if not ERRORLEVEL 1 (
    rem Rule %RULENAME% already exist.
    rem echo Hey, you already got a out rule by that name, you cannot put another one in!
    goto _SMDR
) else (
    echo Rule %RULENAME% TCP not exist. Creating...
    netsh advfirewall firewall add rule name="Avaya SMDR 6969 TCP" dir=in protocol=TCP localport=6969 action=allow
)
goto _SMDR

:_SMDR
CLS

:: -------------------------------------------------------------
:: Determine Today's date and Current Time
:: -------------------------------------------------------------

:: Use WMIC to retrieve date and time
:: (the table columns come back in alphabetical order: Day Hour Minute Month Second Year)
FOR /F "skip=1 tokens=1-6" %%G IN ('WMIC Path Win32_LocalTime Get Day^,Hour^,Minute^,Month^,Second^,Year /Format:table') DO (
    IF "%%~L"=="" goto s_done
    Set _yyyy=%%L
    Set _mm=00%%J
    Set _dd=00%%G
    Set _hour=00%%H
    Set _minute=00%%I
)

:s_done
:: Pad digits with leading zeros
Set _mm=%_mm:~-2%
Set _dd=%_dd:~-2%
Set _hh=%_hour:~-2%
Set _min=%_minute:~-2%
Set logtimestamp=%_yyyy%%_mm%%_dd%-%_hh%%_min%

@echo off
echo -----------------------------------------------------------
echo - SMDR File C:\SMDR\smdr_%logtimestamp%.csv created
echo -
echo - Please allow a few minutes for records to be downloaded
echo -
echo -----------------------------------------------------------

:: Listen on the SMDR port and write everything received to the dated .csv file
call "C:\Program Files (x86)\Nmap\ncat.exe" -l -p 6969 > C:\SMDR\smdr_%logtimestamp%.csv
```
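The collector above opens the SMDR port to any remote address and lets NCAT accept a connection from any host. The following is an added example, not part of the original batch file, showing the same listener core restricted to the IP Office address and parameterised so that each system gets its own port, rule and directory. The values `SiteA`, `192.0.2.10` and the variable names are placeholder assumptions; it expects an already elevated prompt.

```bat
@echo off
:: Added example (not from the original page). The values below are
:: constructed placeholders: set them per IP Office system.
setlocal
set "SYSNAME=SiteA"
set "PBX_IP=192.0.2.10"
set "PORT=6969"
set "OUTDIR=C:\SMDR\%SYSNAME%"
set "RULENAME=Avaya SMDR %SYSNAME% %PORT% TCP"
set "NCAT=C:\Program Files (x86)\Nmap\ncat.exe"

if not exist "%NCAT%" (echo ncat.exe not found & exit /b 1)
if not exist "%OUTDIR%" mkdir "%OUTDIR%"

:: Recreate the rule on every run so a changed PBX_IP or PORT takes effect.
:: remoteip= limits the rule to the IP Office; program= limits it to ncat.exe.
netsh advfirewall firewall delete rule name="%RULENAME%" >nul 2>&1
netsh advfirewall firewall add rule name="%RULENAME%" dir=in action=allow protocol=TCP localport=%PORT% remoteip=%PBX_IP% program="%NCAT%" >nul
if errorlevel 1 (echo Could not create firewall rule, is this prompt elevated? & exit /b 1)

:: Timestamp for the file name, in the same yyyymmdd-hhmm layout as above
for /f %%T in ('powershell -NoProfile -Command "Get-Date -Format yyyyMMdd-HHmm"') do set "STAMP=%%T"

echo Listening on TCP %PORT% for SMDR from %PBX_IP%
echo Writing to %OUTDIR%\smdr_%SYSNAME%_%STAMP%.csv

:: --allow makes Ncat itself refuse any peer other than the IP Office,
:: so the restriction still holds if the firewall rule is later loosened.
"%NCAT%" -l -p %PORT% --allow %PBX_IP% > "%OUTDIR%\smdr_%SYSNAME%_%STAMP%.csv"
```

For a second system, copy the file and change `SYSNAME`, `PBX_IP` and `PORT`; the rule name and output directory follow from those three values.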

Create a Batch File to End NCAT

  1. Create a second batch file, but this time we will be killing the running NCAT Task. Note if you are running multiple instances of NCAT at the same time listening on all ports, this task will kill all active processes.
  2. Copy the content from the box below, paste it into a Word / Text Editor and save the file as SMDR_TaskKill.bat. Save the file in the same location as the previous file.

```bat
::::::::::::::::::::::::::::::::::::::::::::
:: Automatically check & get admin rights
::::::::::::::::::::::::::::::::::::::::::::
@echo off
CLS
ECHO.
ECHO =============================
ECHO Running Admin shell
ECHO =============================

:init
setlocal DisableDelayedExpansion
set "batchPath=%~0"
for %%k in (%0) do set batchName=%%~nk
set "vbsGetPrivileges=%temp%\OEgetPriv_%batchName%.vbs"
setlocal EnableDelayedExpansion

:checkPrivileges
:: NET FILE only succeeds in an elevated shell, so it doubles as an admin check
NET FILE 1>NUL 2>NUL
if '%errorlevel%' == '0' ( goto gotPrivileges ) else ( goto getPrivileges )

:getPrivileges
if '%1'=='ELEV' (echo ELEV & shift /1 & goto gotPrivileges)
ECHO.
ECHO **************************************
ECHO Invoking UAC for Privilege Escalation
ECHO **************************************

:: Write a small VBScript that relaunches this batch file with "runas"
ECHO Set UAC = CreateObject^("Shell.Application"^) > "%vbsGetPrivileges%"
ECHO args = "ELEV " >> "%vbsGetPrivileges%"
ECHO For Each strArg in WScript.Arguments >> "%vbsGetPrivileges%"
ECHO args = args ^& strArg ^& " " >> "%vbsGetPrivileges%"
ECHO Next >> "%vbsGetPrivileges%"
ECHO UAC.ShellExecute "!batchPath!", args, "", "runas", 1 >> "%vbsGetPrivileges%"
"%SystemRoot%\System32\WScript.exe" "%vbsGetPrivileges%" %*
exit /B

:gotPrivileges
setlocal & pushd .
cd /d %~dp0
if '%1'=='ELEV' (del "%vbsGetPrivileges%" 1>nul 2>nul & shift /1)

::::::::::::::::::::::::::::
::START
::::::::::::::::::::::::::::

:: -------------------------------------------------------
:: Kill NCAT (ends every running ncat.exe process)
:: -------------------------------------------------------
TASKKILL /F /IM ncat.exe
```

Test your Files

It should now be possible to run your Collector Batch file, and if you are connected to an IP Office that is active it should start collecting Data. Even if not currently connected, you can verify that:

  1. The Directory has been created
  2. The File has been created in the format smdr_date_time.csv
  3. You should have a Command Shell Window that looks like the below

Now run the TaskKill Batch file to confirm that it closes the first window

 

 

Creating Scheduled Tasks

  • If all tests have completed successfully it is now time to create a scheduled task. There will be two Scheduled Tasks created, first to start the Listener and then the second to end the listener.

Recommendation: The Task Scheduler will require a Windows User account to be used that has enough access to run the script. Often the same account is used that is being used to perform general administrative work, however in many environments these accounts are set to require password changes after so many days / months. If that is the case, then it is recommended that you first create a User Account that is not subject to password expiration policies and you use that account to run the task scheduler instead.

  1. Open Windows Task Scheduler. On Windows 10 Task Scheduler can be located in the Administrative Tools section, or click the Windows icon and type “Task..” and it will present the option to select the Task Scheduler.
  2. In the Task Scheduler Library, Select Create Basic Task

3.  Give the Task a Name and description

4.  Set how often the task will run. Daily is most likely the best option

5.  Set the Start Date and Time. Remember it must be in the future

6.  We will be calling a batch file so select Start a program

7.  Browse to the location where you have saved the “Collector” Batch File

8.  On the Final screen, Check the Open the Properties dialog box as we will need to change some of the default values

9.  Using the snapshot below select the respective radio buttons and boxes and then select the Change User or Group box. Microsoft Windows® wants the user account in the format of PC_Name\Username

10.  Enter the name of the User that will be used to run the Task and select Check Names. If resolved the format will automatically update to PC_Name\Username, and select OK

Note: Even once selected if at a later time you go back and make any changes to the Task, regardless of what it is, the User account always defaults back to Username only and you have to repeat this process so beware.

11. Once back on the Properties Window confirm the settings and then when ready Select OK

12. You will be prompted to enter the Password for the User when Selecting OK. Enter the Password and then select OK

13.  Now repeat the process above, but this time select the TaskKill Batch file and Ensure that the Start Time is at least One hour after the start of the Collector Task.

14.  If you are going to leave the application running 24/7 make sure the Kill task is scheduled for 23:59 and the Start task is scheduled the following day at 00:01. This would allow 2 minutes for the tasks to be ended before starting the new task.

 

 

Test your Task schedule

Ensure that your tasks are running correctly by first selecting the Collector Task and selecting run. Refresh to confirm that the Task is in a running state and no longer in a Ready state. There should also be a new file created in your Collector directory with the current date and time.

Once validated select the Task Kill Scheduled Task and Select Run. Give it a couple of seconds and then Refresh. Both Tasks should be back to a Ready state.

The Task Scheduler allows for the Tasks to be Exported from one system and then imported into another system.

If you have more than one Collector Batch file, export the Collector Task and then rename it prior to importing it so that it imports with the new name. Update the Description and Port information and then configure the Start Time under the Triggers Tab, the File name to call under the programs Tab and then finally the User Account on the General Tab.

 

 

Appendix A

Sample Batch Files

Sample Task Scheduler Files
