Sniffer installation: Difference between revisions

From VoIPmonitor.org
No edit summary
(Undo revision 10318 by Admin (talk))
Tag: Undo
 
(34 intermediate revisions by 4 users not shown)
Line 1: Line 1:
VoIP monitor sniffer can be installed in two ways - either as static binary which will run on any Linux distribution with kernels >= 2.6.18 or compiled from sources.
{{DISPLAYTITLE:Sniffer Installation Guide}}
[[Category:Installation]]


= Latest Static binary =
'''This guide provides step-by-step instructions for installing the VoIPmonitor sensor (sniffer). The recommended method is the pre-compiled static binary.'''


Static binary for 32bit,64bit or Arm arch can be downloaded from http://www.voipmonitor.org/download pages.
== Understanding VoIPmonitor Components ==


VoIPmonitor consists of two separate components:


== Step by step for 64bit linux procedure ==
{| class="wikitable"
wget https://www.voipmonitor.org/current-stable-sniffer-static-64bit.tar.gz --content-disposition --no-check-certificate
|-
tar xzf voipmonitor-*-static.tar.gz
! Component !! Description !! Requirements
cd voipmonitor-*-static
|-
./install-script.sh
| '''Sniffer / Sensor''' (This Guide) || Static binary that captures and analyzes VoIP traffic. Self-contained - no web server, PHP, or local database required. || Linux (kernel 2.6.18+), root privileges
|-
| '''Web GUI''' || PHP web interface for viewing data and configuration. || Web server (Apache/Nginx), PHP, MySQL/MariaDB. See [[GUI_installation|GUI Installation Guide]]
|}


{{Tip|The sniffer and GUI are designed to run independently. You can deploy multiple sniffers sending data to a single central GUI, or install both on the same server for small deployments.}}


== Step by step for 32bit linux procedure ==
== Installation Overview ==
wget https://www.voipmonitor.org/current-stable-sniffer-static-32bit.tar.gz --content-disposition --no-check-certificate
tar xzf voipmonitor-*-static.tar.gz
cd voipmonitor-*-static
./install-script.sh


<kroki lang="plantuml">
@startuml
skinparam shadowing false
skinparam defaultFontName Arial
skinparam activity {
  BackgroundColor #E8F4FD
  BorderColor #4A90E2
}


== Step by step for ArmV6(RPI) linux ==
start
wget https://www.voipmonitor.org/current-stable-sniffer-static-armv6k.tar.gz --content-disposition --no-check-certificate
:Download static binary archive;
tar xzf voipmonitor-*-static.tar.gz
note right: wget from voipmonitor.org
cd voipmonitor-*-static
:Extract and run install-script.sh;
./install-script.sh
note right: Installs binary, config, service
:Edit /etc/voipmonitor.conf;
note right: Database, interface, id_sensor
:Start and enable service;
note right: systemctl start/enable
:Verify traffic capture;
note right: journalctl -u voipmonitor -f
stop


@enduml
</kroki>


== Step 1: Download the Static Binary ==


= Older static versions and versions with SS7(wireshark) module =
Download the archive for your system architecture:
If you need for any reason to install older version of a sniffer or version including wireshark's SS7 module follow:


{| class="wikitable"
|-
! Architecture !! Download Command
|-
| '''64-bit (x86_64)''' || <code>wget https://www.voipmonitor.org/current-stable-sniffer-static-64bit.tar.gz -O voipmonitor-sniffer.tar.gz</code>
|-
| '''32-bit (i686)''' || <code>wget https://www.voipmonitor.org/current-stable-sniffer-static-32bit.tar.gz -O voipmonitor-sniffer.tar.gz</code>
|-
| '''ARM (Raspberry Pi)''' || <code>wget https://www.voipmonitor.org/current-stable-sniffer-static-armv6k.tar.gz -O voipmonitor-sniffer.tar.gz</code>
|}


== Install sniffer version of your choice ==
{{Note|If the primary URL hangs (common on Debian 11/12), use the alternative: <code>wget https://download.voipmonitor.org/current-stable-sniffer-static-64bit.tar.gz</code>}}
Find voipmonitor*.tar.gz file of your choice at following site https://sourceforge.net/projects/voipmonitor/files/ and use the link for wget command in step by step [https://wiki.voipmonitor.org/doc/index.php?title=Sniffer_installation&action=submit#Step_by_step_for_64bit_linux_procedure above]


== Step 2: Extract and Install ==


=== Example of wget command for version 20.4.4 with ss7(wireshark) module ===
<syntaxhighlight lang="bash">
wget https://sourceforge.net/projects/voipmonitor/files/20.4/voipmonitor-wireshark-amd64-20.4.4-static.tar.gz/download -O voipmonitor-wireshark-amd64-20.4.4-static.tar.gz --content-disposition --no-check-certificate
tar xzf voipmonitor-sniffer.tar.gz
cd voipmonitor-*-static
sudo ./install-script.sh
</syntaxhighlight>


The script installs:
* Binary to <code>/usr/local/sbin/voipmonitor</code>
* Config to <code>/etc/voipmonitor.conf</code>
* Service to <code>/etc/init.d/voipmonitor</code>


{{Note|The service '''always runs as root''' regardless of installation prompts - this is required for packet capture privileges.}}


= Configuration of a sniffer =
== Step 3: Configure ==


Now edit configuration file /etc/voipmonitor.conf and run voipmonitor
Edit the configuration file:
/etc/init.d/voipmonitor start


<syntaxhighlight lang="bash">
nano /etc/voipmonitor.conf
</syntaxhighlight>


= Systemd script for bringing up voipmonitor service at a boot time =
Essential settings:


If your system uses systemd for services management create a [https://wiki.voipmonitor.org/doc/Systemd_for_voipmonitor_service_management systemd startup script]
{| class="wikitable"
|-
! Parameter !! Description !! Example
|-
| <code>mysqlhost</code> || Database server address || <code>192.168.1.100</code>
|-
| <code>mysqldb</code> || Database name || <code>voipmonitor</code>
|-
| <code>mysqluser</code> || Database user || <code>voipmonitor</code>
|-
| <code>mysqlpassword</code> || Database password || <code>secret</code>
|-
| <code>interface</code> || Network interface to monitor || <code>eth0</code>
|-
| <code>id_sensor</code> || Unique ID (1-65535) for multi-sensor deployments || <code>1</code>
|}


For complete configuration options, see [[Sniffer_configuration|Sniffer Configuration Reference]].


= Compile shared binary =
=== System Resource Requirements ===


Please see README.* inside the sources (we recommend to use the static version)  
{| class="wikitable"
|-
! Resource !! Recommendation
|-
| '''CPU''' || Main capture thread (t0) uses 1 core. Monitor <code>t0CPU</code> - if >90%, consider faster CPU or additional sensors.
|-
| '''RAM''' || 2-4 GB for <500 calls; 8-16 GB for 2000+ calls. Account for MySQL if co-located.
|-
| '''Disk I/O''' || HDD: ~2000 concurrent calls. SSD/RAID WriteBack for higher throughput.
|-
| '''Storage''' || Plan based on [[Data_Cleaning|retention policy]] and daily call volume.
|}


git clone https://github.com/voipmonitor/sniffer.git
For performance tuning, see [[Scaling|Scaling and Performance Tuning]].


== Step 4: Start the Service ==


= Sniffer uninstallation =
<syntaxhighlight lang="bash">
systemctl start voipmonitor
systemctl enable voipmonitor
</syntaxhighlight>


Here is simple cleaning script.
Other commands: <code>systemctl stop voipmonitor</code>, <code>systemctl status voipmonitor</code>


#!/bin/bash
For advanced systemd configuration, see [[Systemd_for_voipmonitor_service_management|systemd Service Management]].
 
SHAREDIR=usr/local/share/voipmonitor
== Step 5: Verify ==
AUDIODIR=$SHAREDIR/audio
 
BINDIR=usr/local/sbin
<syntaxhighlight lang="bash">
CFGDIR=etc
# Check service status
INITDIR=$CFGDIR/init.d
systemctl status voipmonitor
SENSOR=voipmonitor
 
  SPOOLDIR=/var/spool/$SENSOR
# Monitor live logs
journalctl -u voipmonitor -f
echo "Stopping $SENSOR"
</syntaxhighlight>
/$INITDIR/$SENSOR stop
 
Look for output like <code>calls[X][Y] PS[...] SQLq[0]</code> confirming traffic capture.
echo "Uninstalling /$SHAREDIR"
 
rm -rf /$SHAREDIR
If no calls appear, see [[Sniffer_troubleshooting|Sniffer Troubleshooting]].
 
echo "Uninstalling $SENSOR binary from /$BINDIR/$SENSOR"
== Downloading Specific Versions ==
rm /$BINDIR/$SENSOR
 
For specific versions or automation:
echo "Moving /$CFGDIR/$SENSOR.conf to /$CFGDIR/$SENSOR.conf-backup."
 
mv /$CFGDIR/$SENSOR.conf /$CFGDIR/$SENSOR.conf-backup
<syntaxhighlight lang="bash">
# Specific version (replace VERSION, e.g., 2025.07.1)
echo "Deleting $SPOOLDIR"
wget https://download.voipmonitor.org/sniffer-develop/voipmonitor-amd64-VERSION-static.tar.gz
rm -rf $SPOOLDIR
 
# Example
update-rc.d $SENSOR remove &>/dev/null
wget https://download.voipmonitor.org/sniffer-develop/voipmonitor-amd64-2025.07.1-static.tar.gz
chkconfig $SENSOR off &>/dev/null
 
chkconfig --del $SENSOR &>/dev/null
# Historical releases with SS7 module
wget https://sourceforge.net/projects/voipmonitor/files/20.4/voipmonitor-wireshark-amd64-20.4.4-static.tar.gz/download -O voipmonitor-sniffer.tar.gz
echo "Deleting starting script /$INITDIR/$SENSOR"
</syntaxhighlight>
rm /$INITDIR/$SENSOR
 
Direct download URLs work without portal login - ideal for automation, CI/CD, Ansible, Puppet, etc.
echo;
 
echo "The database is not deleted. Do it manually.";
== Advanced Installation ==
echo;
 
=== Legacy OS (CentOS 6, older glibc) ===
 
# Download the '''oldest available''' binary from the [https://www.voipmonitor.org/download-sniffer download page] (better glibc compatibility)
# If GUI shows ionCube errors, install the "Linux glibc2.4 (64 bits)" loader from [https://www.ioncube.com/loaders.php ioncube.com]
 
=== Manual Development Build Upgrade ===
 
<syntaxhighlight lang="bash">
mkdir /tmp/new-sniffer && cd /tmp/new-sniffer
wget https://download.voipmonitor.org/some-development-build.tar.gz -O sniffer.tar.gz
tar xzf sniffer.tar.gz
 
systemctl stop voipmonitor
mv /usr/local/sbin/voipmonitor /usr/local/sbin/voipmonitor.backup
cp voipmonitor-*-static/voipmonitor /usr/local/sbin/voipmonitor
systemctl start voipmonitor
</syntaxhighlight>
 
=== Compiling from Source (ARM64/Special Cases) ===
 
{{Note|Only for developers or when static binary is unavailable (e.g., ARM64/aarch64).}}
 
<syntaxhighlight lang="bash">
# Install dependencies (Debian 12)
apt install git make g++ unixodbc-dev libvorbis-dev libmp3lame-dev libmpg123-dev \
    libpcap-dev libssl-dev libsnappy-dev libcurl4-openssl-dev libicu-dev libpng-dev \
    libjpeg-dev libfftw3-dev libjson-c-dev librrd-dev libglib2.0-dev libxml2-dev \
    libmariadb-dev-compat libmariadb-dev libzstd-dev liblz4-dev liblzma-dev \
    liblzo2-dev gnutls-dev libgcrypt-dev libgoogle-perftools-dev
 
# Clone and compile
cd /usr/src
git clone https://github.com/voipmonitor/sniffer.git
cd sniffer
./configure
make
 
# Install
mv /usr/local/sbin/voipmonitor /usr/local/sbin/voipmonitor.static # backup if exists
mv /usr/src/sniffer/voipmonitor /usr/local/sbin/voipmonitor
systemctl restart voipmonitor
</syntaxhighlight>
 
For automatic git-based upgrades, add to <code>/etc/voipmonitor.conf</code>:
<syntaxhighlight lang="ini">
upgrade_by_git = yes
git_folder = /usr/src/sniffer
</syntaxhighlight>
 
== Uninstallation ==
 
<syntaxhighlight lang="bash">
systemctl stop voipmonitor
systemctl disable voipmonitor
rm -f /etc/systemd/system/voipmonitor.service
rm -f /etc/init.d/voipmonitor
rm -f /usr/local/sbin/voipmonitor
systemctl daemon-reload
mv /etc/voipmonitor.conf /etc/voipmonitor.conf.backup
</syntaxhighlight>
 
{{Warning|1='''Spool directory contains PCAP files and recordings!''' Only delete if you no longer need this data: <code>rm -rf /var/spool/voipmonitor</code>}}
 
== See Also ==
 
* [[Sniffer_configuration|Sniffer Configuration Reference]]
* [[Sniffer_troubleshooting|Sniffer Troubleshooting]]
* [[Sniffer_distributed_architecture|Distributed Architecture: Client-Server Mode]]
* [[Scaling|Scaling and Performance Tuning]]
* [[Data_Cleaning|Data Cleaning and Retention]]
* [[Systemd_for_voipmonitor_service_management|systemd Service Management]]
 
== AI Summary for RAG ==
 
'''Summary:''' Step-by-step guide for installing VoIPmonitor sensor (sniffer) using pre-compiled static binaries. Process: download correct archive for architecture (64-bit, 32-bit, ARM), run <code>install-script.sh</code>, configure <code>/etc/voipmonitor.conf</code> (database, interface, id_sensor), start with systemctl. Service always runs as root. Direct download URLs (<code>https://download.voipmonitor.org/...</code>) work without login for automation. Covers system requirements (CPU t0 thread, RAM 2-16GB based on call volume, disk I/O), specific version downloads, legacy OS compatibility, compiling from source for ARM64, and uninstallation.
 
'''Keywords:''' install, installation, sniffer, sensor, static binary, install-script.sh, download, wget, systemd, systemctl, id_sensor, multi-sensor, ARM64, aarch64, Raspberry Pi, compile from source, git, upgrade_by_git, uninstall, CentOS 6, legacy, automation, CI/CD, direct download
 
'''Key Questions:'''
* How do I install the VoIPmonitor sniffer?
* Where can I download the sensor static binary?
* How do I configure id_sensor for multi-sensor deployments?
* What are the CPU and RAM requirements?
* How do I start and enable the voipmonitor service?
* What if the download URL hangs or fails?
* How do I install on legacy CentOS 6?
* How do I compile from source on ARM64?
* How do I uninstall VoIPmonitor?
* What are the direct download URLs for automation?

Latest revision as of 11:18, 9 January 2026


This guide provides step-by-step instructions for installing the VoIPmonitor sensor (sniffer). The recommended method is the pre-compiled static binary.

Understanding VoIPmonitor Components

VoIPmonitor consists of two separate components:

Component Description Requirements
Sniffer / Sensor (This Guide) Static binary that captures and analyzes VoIP traffic. Self-contained - no web server, PHP, or local database required. Linux (kernel 2.6.18+), root privileges
Web GUI PHP web interface for viewing data and configuration. Web server (Apache/Nginx), PHP, MySQL/MariaDB. See GUI Installation Guide

💡 Tip: The sniffer and GUI are designed to run independently. You can deploy multiple sniffers sending data to a single central GUI, or install both on the same server for small deployments.

Installation Overview

Step 1: Download the Static Binary

Download the archive for your system architecture:

Architecture Download Command
64-bit (x86_64) wget https://www.voipmonitor.org/current-stable-sniffer-static-64bit.tar.gz -O voipmonitor-sniffer.tar.gz
32-bit (i686) wget https://www.voipmonitor.org/current-stable-sniffer-static-32bit.tar.gz -O voipmonitor-sniffer.tar.gz
ARM (Raspberry Pi) wget https://www.voipmonitor.org/current-stable-sniffer-static-armv6k.tar.gz -O voipmonitor-sniffer.tar.gz

ℹ️ Note: If the primary URL hangs (common on Debian 11/12), use the alternative: wget https://download.voipmonitor.org/current-stable-sniffer-static-64bit.tar.gz

Step 2: Extract and Install

tar xzf voipmonitor-sniffer.tar.gz
cd voipmonitor-*-static
sudo ./install-script.sh

The script installs:

  • Binary to /usr/local/sbin/voipmonitor
  • Config to /etc/voipmonitor.conf
  • Service to /etc/init.d/voipmonitor

ℹ️ Note: The service always runs as root regardless of installation prompts - this is required for packet capture privileges.

Step 3: Configure

Edit the configuration file: 

nano /etc/voipmonitor.conf

Essential settings:

Parameter Description Example
mysqlhost Database server address 192.168.1.100
mysqldb Database name voipmonitor
mysqluser Database user voipmonitor
mysqlpassword Database password secret
interface Network interface to monitor eth0
id_sensor Unique ID (1-65535) for multi-sensor deployments 1

For complete configuration options, see Sniffer Configuration Reference.

System Resource Requirements

Resource Recommendation
CPU Main capture thread (t0) uses 1 core. Monitor t0CPU - if >90%, consider faster CPU or additional sensors.
RAM 2-4 GB for <500 calls; 8-16 GB for 2000+ calls. Account for MySQL if co-located.
Disk I/O HDD: ~2000 concurrent calls. SSD/RAID WriteBack for higher throughput.
Storage Plan based on retention policy and daily call volume.

For performance tuning, see Scaling and Performance Tuning.

Step 4: Start the Service

systemctl start voipmonitor
systemctl enable voipmonitor

Other commands: systemctl stop voipmonitor, systemctl status voipmonitor

For advanced systemd configuration, see systemd Service Management.

Step 5: Verify

# Check service status
systemctl status voipmonitor

# Monitor live logs
journalctl -u voipmonitor -f

Look for output like calls[X][Y] PS[...] SQLq[0] confirming traffic capture.

If no calls appear, see Sniffer Troubleshooting.

Downloading Specific Versions

For specific versions or automation: 

# Specific version (replace VERSION, e.g., 2025.07.1)
wget https://download.voipmonitor.org/sniffer-develop/voipmonitor-amd64-VERSION-static.tar.gz

# Example
wget https://download.voipmonitor.org/sniffer-develop/voipmonitor-amd64-2025.07.1-static.tar.gz

# Historical releases with SS7 module
wget https://sourceforge.net/projects/voipmonitor/files/20.4/voipmonitor-wireshark-amd64-20.4.4-static.tar.gz/download -O voipmonitor-sniffer.tar.gz

Direct download URLs work without portal login - ideal for automation, CI/CD, Ansible, Puppet, etc.

Advanced Installation

Legacy OS (CentOS 6, older glibc)

  1. Download the oldest available binary from the download page (better glibc compatibility)
  2. If GUI shows ionCube errors, install the "Linux glibc2.4 (64 bits)" loader from ioncube.com

Manual Development Build Upgrade

mkdir /tmp/new-sniffer && cd /tmp/new-sniffer
wget https://download.voipmonitor.org/some-development-build.tar.gz -O sniffer.tar.gz
tar xzf sniffer.tar.gz

systemctl stop voipmonitor
mv /usr/local/sbin/voipmonitor /usr/local/sbin/voipmonitor.backup
cp voipmonitor-*-static/voipmonitor /usr/local/sbin/voipmonitor
systemctl start voipmonitor

Compiling from Source (ARM64/Special Cases)

ℹ️ Note: Only for developers or when static binary is unavailable (e.g., ARM64/aarch64). 

# Install dependencies (Debian 12)
apt install git make g++ unixodbc-dev libvorbis-dev libmp3lame-dev libmpg123-dev \
    libpcap-dev libssl-dev libsnappy-dev libcurl4-openssl-dev libicu-dev libpng-dev \
    libjpeg-dev libfftw3-dev libjson-c-dev librrd-dev libglib2.0-dev libxml2-dev \
    libmariadb-dev-compat libmariadb-dev libzstd-dev liblz4-dev liblzma-dev \
    liblzo2-dev gnutls-dev libgcrypt-dev libgoogle-perftools-dev

# Clone and compile
cd /usr/src
git clone https://github.com/voipmonitor/sniffer.git
cd sniffer
./configure
make

# Install
mv /usr/local/sbin/voipmonitor /usr/local/sbin/voipmonitor.static  # backup if exists
mv /usr/src/sniffer/voipmonitor /usr/local/sbin/voipmonitor
systemctl restart voipmonitor

For automatic git-based upgrades, add to /etc/voipmonitor.conf: 

upgrade_by_git = yes
git_folder = /usr/src/sniffer

Uninstallation

systemctl stop voipmonitor
systemctl disable voipmonitor
rm -f /etc/systemd/system/voipmonitor.service
rm -f /etc/init.d/voipmonitor
rm -f /usr/local/sbin/voipmonitor
systemctl daemon-reload
mv /etc/voipmonitor.conf /etc/voipmonitor.conf.backup

⚠️ Warning: Spool directory contains PCAP files and recordings! Only delete if you no longer need this data: rm -rf /var/spool/voipmonitor

See Also

AI Summary for RAG

Summary: Step-by-step guide for installing VoIPmonitor sensor (sniffer) using pre-compiled static binaries. Process: download correct archive for architecture (64-bit, 32-bit, ARM), run install-script.sh, configure /etc/voipmonitor.conf (database, interface, id_sensor), start with systemctl. Service always runs as root. Direct download URLs (https://download.voipmonitor.org/...) work without login for automation. Covers system requirements (CPU t0 thread, RAM 2-16GB based on call volume, disk I/O), specific version downloads, legacy OS compatibility, compiling from source for ARM64, and uninstallation.

Keywords: install, installation, sniffer, sensor, static binary, install-script.sh, download, wget, systemd, systemctl, id_sensor, multi-sensor, ARM64, aarch64, Raspberry Pi, compile from source, git, upgrade_by_git, uninstall, CentOS 6, legacy, automation, CI/CD, direct download

Key Questions:

  • How do I install the VoIPmonitor sniffer?
  • Where can I download the sensor static binary?
  • How do I configure id_sensor for multi-sensor deployments?
  • What are the CPU and RAM requirements?
  • How do I start and enable the voipmonitor service?
  • What if the download URL hangs or fails?
  • How do I install on legacy CentOS 6?
  • How do I compile from source on ARM64?
  • How do I uninstall VoIPmonitor?
  • What are the direct download URLs for automation?
Retrieved from "https://www.voipmonitor.org/doc/index.php?title=Sniffer_installation&oldid=10321"