SUPPORT.TWILIO.COM END OF LIFE NOTICE: This site, support.twilio.com, is scheduled to go End of Life on February 27, 2024. All Twilio Support content has been migrated to help.twilio.com, where you can continue to find helpful Support articles, API docs, and Twilio blog content, and escalate your issues to our Support team. We encourage you to update your bookmarks and begin using the new site today for all your Twilio Support needs.

Understanding Missing SIP Signaling Details in TLS-Encrypted PCAP Logs

Overview

When troubleshooting SIP (Session Initiation Protocol) call issues, packet capture (PCAP) logs are a valuable tool for analyzing call setup, signaling, and interoperability. However, if your SIP traffic to Twilio is encrypted using TLS (Transport Layer Security), you may notice that the PCAP logs available in the Twilio Console do not contain readable SIP signaling details. This article explains why this occurs, what it means for your troubleshooting process, and what alternative options are available.

 

Product

Elastic SIP Trunking

 

Environment

legacy Twilio Console

 

Frequently Asked Questions

Why Are SIP Details Missing in PCAP Logs with TLS?

When you enable TLS for SIP traffic, all SIP signaling between your infrastructure and Twilio is encrypted. This means:

  • SIP messages (such as INVITE, 200 OK, BYE, etc.) are not visible in plaintext  within the PCAP files.
  • The Twilio Console can only display and allow download of SIP signaling PCAPs for calls that are not encrypted with TLS.
  • If TLS is enabled, the PCAPs will not contain readable SIP signaling data this is by design and is a security best practice.

 

Why Does Twilio Not Provide Decrypted PCAPs?

Twilio’s approach aligns with industry standards for security and privacy:

  • TLS is designed to protect your signaling data from interception or tampering.
  • Decrypting and exposing SIP signaling would undermine the security guarantees of TLS.
  • This limitation is not unique to Twilio any provider that implements TLS correctly will have the same restriction.

 

How Can I Troubleshoot SIP Issues with TLS Enabled?

While you cannot access decrypted SIP signaling in Twilio’s PCAP logs when TLS is enabled, you still have several options:

1. Reproduce in a Test Environment

  • Temporarily disable TLS in a controlled, non-production environment.
  • Make test calls and capture PCAPs with unencrypted SIP signaling for analysis.
  • Important: Only do this in a secure environment, as disabling TLS exposes signaling to potential interception.

2. Use Endpoint Logging

  • Enable detailed SIP logging on your own SBCs, PBXs, or endpoints.
  • Capture SIP signaling before it is encrypted for transport to Twilio.

3. Leverage Twilio’s Other Diagnostics

  • Use Twilio’s Call Logs, Error Logs, and SIP response codes, which remain available even when TLS is enabled.
  • These logs can provide insight into call setup, errors, and call flow.

4. Collaborate with Twilio Support

  • Twilio Support can assist with troubleshooting using internal logs and metadata, even if full PCAPs are not available.

 

Conclusion

If you require both strong security (TLS) and deep troubleshooting (PCAPs with SIP signaling), you may need to adjust your troubleshooting workflow. While Twilio cannot provide decrypted SIP signaling in PCAPs when TLS is enabled, you can use test environments, endpoint logging, and Twilio’s other diagnostic tools to investigate call issues.

Below you will find references to useful documents:

Have more questions? Submit a request
We can’t wait to see what you build.
Powered by Zendesk