|
|
| (4 intermediate revisions by the same user not shown) |
| Line 1: |
Line 1: |
| === Investigating Specific Missing Calls ===
| | asd |
| | |
| If you have a list of specific phone numbers that should have been recorded but are missing from the CDR database, use this workflow to determine whether the traffic reached the sensor.
| |
| | |
| '''Step 1: Capture SIP traffic on the VoIPmonitor server'''
| |
| | |
| Capture SIP traffic to a PCAP file for analysis:
| |
| <syntaxhighlight lang="bash">
| |
| # Capture SIP traffic (adjust interface and port as needed)
| |
| tcpdump -i any -nn -s0 -w /tmp/sip_capture.pcap port 5060
| |
| | |
| # Let it run during the time when missing calls occur, then stop with Ctrl+C
| |
| </syntaxhighlight>
| |
| | |
| '''Step 2: Identify missing numbers and approximate call times'''
| |
| | |
| From your input list, note the specific phone numbers and their approximate call times that are missing from the database.
| |
| | |
| '''Step 3: Use tshark to find Call-IDs for missing numbers'''
| |
| | |
| Search the capture file for SIP INVITE messages containing the missing numbers:
| |
| <syntaxhighlight lang="bash">
| |
| # Find Call-IDs for a specific missing number
| |
| tshark -r /tmp/sip_capture.pcap -Y "sip.Method == INVITE && sip contains \"NUMBER\"" -T fields -e sip.Call-ID
| |
| | |
| # Replace NUMBER with the actual phone number (e.g., 5551234567)
| |
| </syntaxhighlight>
| |
| | |
| This returns the Call-IDs for calls involving that number.
| |
| | |
| '''Step 4: Search for Call-IDs in the VoIPmonitor GUI'''
| |
| | |
| Use the GUI search function to look for each Call-ID found in Step 3:
| |
| * Navigate to the CDR view
| |
| * Use the search/filter to find calls by Call-ID
| |
| * If the Call-ID is found, the call was processed but may be filtered or in a different time range
| |
| * If the Call-ID is NOT found, the sensor did not process the call
| |
| | |
| '''Step 5: Determine the root cause'''
| |
| | |
| * '''If packets are NOT found in the capture file''': Traffic is not being delivered to the sensor. Check network topology and port mirroring/SPAN configuration. See [[Sniffing_modes]] for SPAN setup.
| |
| * '''If packets ARE found in capture but Call-IDs are NOT in GUI''': Sensor received traffic but did not process the calls. Check [[#Missing id_sensor Parameter|id_sensor configuration]], [[#GUI Capture Rules Blocking|capture rules]], or [[Database_troubleshooting|database issues]].
| |
| | |
| '''Step 6: Verify record counts with SQL query'''
| |
| | |
| To verify the number of CDRs for a specific time range:
| |
| <syntaxhighlight lang="sql">
| |
| -- Count CDRs for a specific time range
| |
| SELECT count(*) FROM cdr
| |
| WHERE calldate >= 'YYYY-MM-DD HH:MM:SS'
| |
| AND calldate < 'YYYY-MM-DD HH:MM:SS';
| |
| | |
| -- For cdr_next table (if using partitioned schema)
| |
| SELECT count(*) FROM cdr_next
| |
| WHERE cdr_ID IN (SELECT ID FROM cdr
| |
| WHERE calldate >= 'YYYY-MM-DD HH:MM:SS'
| |
| AND calldate < 'YYYY-MM-DD HH:MM:SS');
| |
| </syntaxhighlight>
| |
| | |
| {{Tip|This workflow helps distinguish between network delivery issues (packets never reach sensor) and sensor processing issues (packets arrive but are not recorded).}}
| |