Sniffer installation: Difference between revisions

From VoIPmonitor.org
(Undo revision 10234 by Admin (talk))
Tag: Undo
 
(30 intermediate revisions by 4 users not shown)
Line 1: Line 1:
VoIP monitor sniffer can be installed in two ways - either as static binary which will run on any Linux distribution with kernels >= 2.6.18 or compiled from sources.
{{DISPLAYTITLE:Sniffer Installation Guide}}
[[Category:Installation]]


= Static binary =
'''This guide provides step-by-step instructions for installing the VoIPmonitor sensor (sniffer). The recommended method is the pre-compiled static binary.'''


Static binary for 32bit or 64bit can be downloaded from http://www.voipmonitor.org/download pages. Step by step for 64bit linux procedure:
== Understanding VoIPmonitor Components ==


# Stop service first if its running
VoIPmonitor consists of two separate components:
/etc/init.d/voipmonitor stop
# In case it won't stop, press CTRL+C and you can use kill sognall to terminate the process forcefully:
kill -9 `pgrep voipmonitor`


#download unpack and run install script. If you are upgrading already installed sniffer, answer "no" If to overwrite /etc/voipmonitor.conf.
{| class="wikitable"
wget https://www.voipmonitor.org/current-stable-sniffer-static-64bit.tar.gz --content-disposition
|-
tar xzf voipmonitor-*-static.tar.gz
! Component !! Description !! Requirements
cd voipmonitor-*-static
|-
./install-script.sh
| '''Sniffer / Sensor''' (This Guide) || Static binary that captures and analyzes VoIP traffic. Self-contained - no web server, PHP, or local database required. || Linux (kernel 2.6.18+), root privileges
|-
| '''Web GUI''' || PHP web interface for viewing data and configuration. || Web server (Apache/Nginx), PHP, MySQL/MariaDB. See [[GUI_installation|GUI Installation Guide]]
|}


# Now edit configuration file /etc/voipmonitor.conf and run voipmonitor
{{Tip|The sniffer and GUI are designed to run independently. You can deploy multiple sniffers sending data to a single central GUI, or install both on the same server for small deployments.}}
/etc/init.d/voipmonitor start


If your system uses systemd for services management create a [https://wiki.voipmonitor.org/doc/Systemd_for_voipmonitor_service_management systemd startup script]
== Installation Overview ==


= Compile shared binary =
<kroki lang="plantuml">
@startuml
skinparam shadowing false
skinparam defaultFontName Arial
skinparam activity {
  BackgroundColor #E8F4FD
  BorderColor #4A90E2
}


Please see README.* inside the sources (we recommend to use the static version)
start
:Download static binary archive;
note right: wget from voipmonitor.org
:Extract and run install-script.sh;
note right: Installs binary, config, service
:Edit /etc/voipmonitor.conf;
note right: Database, interface, id_sensor
:Start and enable service;
note right: systemctl start/enable
:Verify traffic capture;
note right: journalctl -u voipmonitor -f
stop


git clone https://github.com/voipmonitor/sniffer.git
@enduml
</kroki>
 
== Step 1: Download the Static Binary ==
 
Download the archive for your system architecture:
 
{| class="wikitable"
|-
! Architecture !! Download Command
|-
| '''64-bit (x86_64)''' || <code>wget https://www.voipmonitor.org/current-stable-sniffer-static-64bit.tar.gz -O voipmonitor-sniffer.tar.gz</code>
|-
| '''32-bit (i686)''' || <code>wget https://www.voipmonitor.org/current-stable-sniffer-static-32bit.tar.gz -O voipmonitor-sniffer.tar.gz</code>
|-
| '''ARM (Raspberry Pi)''' || <code>wget https://www.voipmonitor.org/current-stable-sniffer-static-armv6k.tar.gz -O voipmonitor-sniffer.tar.gz</code>
|}
 
{{Note|If the primary URL hangs (common on Debian 11/12), use the alternative: <code>wget https://download.voipmonitor.org/current-stable-sniffer-static-64bit.tar.gz</code>}}
 
== Step 2: Extract and Install ==
 
<syntaxhighlight lang="bash">
tar xzf voipmonitor-sniffer.tar.gz
cd voipmonitor-*-static
sudo ./install-script.sh
</syntaxhighlight>
 
The script installs:
* Binary to <code>/usr/local/sbin/voipmonitor</code>
* Config to <code>/etc/voipmonitor.conf</code>
* Service to <code>/etc/init.d/voipmonitor</code>
 
{{Note|The service '''always runs as root''' regardless of installation prompts - this is required for packet capture privileges.}}
 
== Step 3: Configure ==
 
Edit the configuration file:
 
<syntaxhighlight lang="bash">
nano /etc/voipmonitor.conf
</syntaxhighlight>
 
Essential settings:
 
{| class="wikitable"
|-
! Parameter !! Description !! Example
|-
| <code>mysqlhost</code> || Database server address || <code>192.168.1.100</code>
|-
| <code>mysqldb</code> || Database name || <code>voipmonitor</code>
|-
| <code>mysqluser</code> || Database user || <code>voipmonitor</code>
|-
| <code>mysqlpassword</code> || Database password || <code>secret</code>
|-
| <code>interface</code> || Network interface to monitor || <code>eth0</code>
|-
| <code>id_sensor</code> || Unique ID (1-65535) for multi-sensor deployments || <code>1</code>
|}
 
For complete configuration options, see [[Sniffer_configuration|Sniffer Configuration Reference]].
 
=== System Resource Requirements ===
 
{| class="wikitable"
|-
! Resource !! Recommendation
|-
| '''CPU''' || Main capture thread (t0) uses 1 core. Monitor <code>t0CPU</code> - if >90%, consider faster CPU or additional sensors.
|-
| '''RAM''' || 2-4 GB for <500 calls; 8-16 GB for 2000+ calls. Account for MySQL if co-located.
|-
| '''Disk I/O''' || HDD: ~2000 concurrent calls. SSD/RAID WriteBack for higher throughput.
|-
| '''Storage''' || Plan based on [[Data_Cleaning|retention policy]] and daily call volume.
|}
 
For performance tuning, see [[Scaling|Scaling and Performance Tuning]].
 
== Step 4: Start the Service ==
 
<syntaxhighlight lang="bash">
systemctl start voipmonitor
systemctl enable voipmonitor
</syntaxhighlight>
 
Other commands: <code>systemctl stop voipmonitor</code>, <code>systemctl status voipmonitor</code>
 
For advanced systemd configuration, see [[Systemd_for_voipmonitor_service_management|systemd Service Management]].
 
== Step 5: Verify ==
 
<syntaxhighlight lang="bash">
# Check service status
systemctl status voipmonitor
 
# Monitor live logs
journalctl -u voipmonitor -f
</syntaxhighlight>
 
Look for output like <code>calls[X][Y] PS[...] SQLq[0]</code> confirming traffic capture.
 
If no calls appear, see [[Sniffer_troubleshooting|Sniffer Troubleshooting]].
 
== Downloading Specific Versions ==
 
For specific versions or automation:
 
<syntaxhighlight lang="bash">
# Specific version (replace VERSION, e.g., 2025.07.1)
wget https://download.voipmonitor.org/sniffer-develop/voipmonitor-amd64-VERSION-static.tar.gz
 
# Example
wget https://download.voipmonitor.org/sniffer-develop/voipmonitor-amd64-2025.07.1-static.tar.gz
 
# Historical releases with SS7 module
wget https://sourceforge.net/projects/voipmonitor/files/20.4/voipmonitor-wireshark-amd64-20.4.4-static.tar.gz/download -O voipmonitor-sniffer.tar.gz
</syntaxhighlight>
 
Direct download URLs work without portal login - ideal for automation, CI/CD, Ansible, Puppet, etc.
 
== Advanced Installation ==
 
=== Legacy OS (CentOS 6, older glibc) ===
 
# Download the '''oldest available''' binary from the [https://www.voipmonitor.org/download-sniffer download page] (better glibc compatibility)
# If GUI shows ionCube errors, install the "Linux glibc2.4 (64 bits)" loader from [https://www.ioncube.com/loaders.php ioncube.com]
 
=== Manual Development Build Upgrade ===
 
<syntaxhighlight lang="bash">
mkdir /tmp/new-sniffer && cd /tmp/new-sniffer
wget https://download.voipmonitor.org/some-development-build.tar.gz -O sniffer.tar.gz
tar xzf sniffer.tar.gz
 
systemctl stop voipmonitor
mv /usr/local/sbin/voipmonitor /usr/local/sbin/voipmonitor.backup
cp voipmonitor-*-static/voipmonitor /usr/local/sbin/voipmonitor
systemctl start voipmonitor
</syntaxhighlight>
 
=== Compiling from Source (ARM64/Special Cases) ===
 
{{Note|Only for developers or when static binary is unavailable (e.g., ARM64/aarch64).}}
 
<syntaxhighlight lang="bash">
# Install dependencies (Debian 12)
apt install git make g++ unixodbc-dev libvorbis-dev libmp3lame-dev libmpg123-dev \
    libpcap-dev libssl-dev libsnappy-dev libcurl4-openssl-dev libicu-dev libpng-dev \
    libjpeg-dev libfftw3-dev libjson-c-dev librrd-dev libglib2.0-dev libxml2-dev \
    libmariadb-dev-compat libmariadb-dev libzstd-dev liblz4-dev liblzma-dev \
    liblzo2-dev gnutls-dev libgcrypt-dev libgoogle-perftools-dev
 
# Clone and compile
cd /usr/src
git clone https://github.com/voipmonitor/sniffer.git
cd sniffer
./configure
make
 
# Install
mv /usr/local/sbin/voipmonitor /usr/local/sbin/voipmonitor.static  # backup if exists
mv /usr/src/sniffer/voipmonitor /usr/local/sbin/voipmonitor
systemctl restart voipmonitor
</syntaxhighlight>
 
For automatic git-based upgrades, add to <code>/etc/voipmonitor.conf</code>:
<syntaxhighlight lang="ini">
upgrade_by_git = yes
git_folder = /usr/src/sniffer
</syntaxhighlight>
 
== Uninstallation ==
 
<syntaxhighlight lang="bash">
systemctl stop voipmonitor
systemctl disable voipmonitor
rm -f /etc/systemd/system/voipmonitor.service
rm -f /etc/init.d/voipmonitor
rm -f /usr/local/sbin/voipmonitor
systemctl daemon-reload
mv /etc/voipmonitor.conf /etc/voipmonitor.conf.backup
</syntaxhighlight>
 
{{Warning|1='''Spool directory contains PCAP files and recordings!''' Only delete if you no longer need this data: <code>rm -rf /var/spool/voipmonitor</code>}}
 
== See Also ==
 
* [[Sniffer_configuration|Sniffer Configuration Reference]]
* [[Sniffer_troubleshooting|Sniffer Troubleshooting]]
* [[Sniffer_distributed_architecture|Distributed Architecture: Client-Server Mode]]
* [[Scaling|Scaling and Performance Tuning]]
* [[Data_Cleaning|Data Cleaning and Retention]]
* [[Systemd_for_voipmonitor_service_management|systemd Service Management]]
 
== AI Summary for RAG ==
 
'''Summary:''' Step-by-step guide for installing VoIPmonitor sensor (sniffer) using pre-compiled static binaries. Process: download correct archive for architecture (64-bit, 32-bit, ARM), run <code>install-script.sh</code>, configure <code>/etc/voipmonitor.conf</code> (database, interface, id_sensor), start with systemctl. Service always runs as root. Direct download URLs (<code>https://download.voipmonitor.org/...</code>) work without login for automation. Covers system requirements (CPU t0 thread, RAM 2-16GB based on call volume, disk I/O), specific version downloads, legacy OS compatibility, compiling from source for ARM64, and uninstallation.
 
'''Keywords:''' install, installation, sniffer, sensor, static binary, install-script.sh, download, wget, systemd, systemctl, id_sensor, multi-sensor, ARM64, aarch64, Raspberry Pi, compile from source, git, upgrade_by_git, uninstall, CentOS 6, legacy, automation, CI/CD, direct download
 
'''Key Questions:'''
* How do I install the VoIPmonitor sniffer?
* Where can I download the sensor static binary?
* How do I configure id_sensor for multi-sensor deployments?
* What are the CPU and RAM requirements?
* How do I start and enable the voipmonitor service?
* What if the download URL hangs or fails?
* How do I install on legacy CentOS 6?
* How do I compile from source on ARM64?
* How do I uninstall VoIPmonitor?
* What are the direct download URLs for automation?

Latest revision as of 22:14, 8 January 2026


This guide provides step-by-step instructions for installing the VoIPmonitor sensor (sniffer). The recommended method is the pre-compiled static binary.

Understanding VoIPmonitor Components

VoIPmonitor consists of two separate components:

Component Description Requirements
Sniffer / Sensor (This Guide) Static binary that captures and analyzes VoIP traffic. Self-contained - no web server, PHP, or local database required. Linux (kernel 2.6.18+), root privileges
Web GUI PHP web interface for viewing data and configuration. Web server (Apache/Nginx), PHP, MySQL/MariaDB. See GUI Installation Guide

💡 Tip: The sniffer and GUI are designed to run independently. You can deploy multiple sniffers sending data to a single central GUI, or install both on the same server for small deployments.

Installation Overview

Step 1: Download the Static Binary

Download the archive for your system architecture:

Architecture Download Command
64-bit (x86_64) wget https://www.voipmonitor.org/current-stable-sniffer-static-64bit.tar.gz -O voipmonitor-sniffer.tar.gz
32-bit (i686) wget https://www.voipmonitor.org/current-stable-sniffer-static-32bit.tar.gz -O voipmonitor-sniffer.tar.gz
ARM (Raspberry Pi) wget https://www.voipmonitor.org/current-stable-sniffer-static-armv6k.tar.gz -O voipmonitor-sniffer.tar.gz

ℹ️ Note: If the primary URL hangs (common on Debian 11/12), use the alternative: wget https://download.voipmonitor.org/current-stable-sniffer-static-64bit.tar.gz

Step 2: Extract and Install

tar xzf voipmonitor-sniffer.tar.gz
cd voipmonitor-*-static
sudo ./install-script.sh

The script installs:

  • Binary to /usr/local/sbin/voipmonitor
  • Config to /etc/voipmonitor.conf
  • Service to /etc/init.d/voipmonitor

ℹ️ Note: The service always runs as root regardless of installation prompts - this is required for packet capture privileges.

Step 3: Configure

Edit the configuration file: 

nano /etc/voipmonitor.conf

Essential settings:

Parameter Description Example
mysqlhost Database server address 192.168.1.100
mysqldb Database name voipmonitor
mysqluser Database user voipmonitor
mysqlpassword Database password secret
interface Network interface to monitor eth0
id_sensor Unique ID (1-65535) for multi-sensor deployments 1

For complete configuration options, see Sniffer Configuration Reference.

System Resource Requirements

Resource Recommendation
CPU Main capture thread (t0) uses 1 core. Monitor t0CPU - if >90%, consider faster CPU or additional sensors.
RAM 2-4 GB for <500 calls; 8-16 GB for 2000+ calls. Account for MySQL if co-located.
Disk I/O HDD: ~2000 concurrent calls. SSD/RAID WriteBack for higher throughput.
Storage Plan based on retention policy and daily call volume.

For performance tuning, see Scaling and Performance Tuning.

Step 4: Start the Service

systemctl start voipmonitor
systemctl enable voipmonitor

Other commands: systemctl stop voipmonitor, systemctl status voipmonitor

For advanced systemd configuration, see systemd Service Management.

Step 5: Verify

# Check service status
systemctl status voipmonitor

# Monitor live logs
journalctl -u voipmonitor -f

Look for output like calls[X][Y] PS[...] SQLq[0] confirming traffic capture.

If no calls appear, see Sniffer Troubleshooting.

Downloading Specific Versions

For specific versions or automation: 

# Specific version (replace VERSION, e.g., 2025.07.1)
wget https://download.voipmonitor.org/sniffer-develop/voipmonitor-amd64-VERSION-static.tar.gz

# Example
wget https://download.voipmonitor.org/sniffer-develop/voipmonitor-amd64-2025.07.1-static.tar.gz

# Historical releases with SS7 module
wget https://sourceforge.net/projects/voipmonitor/files/20.4/voipmonitor-wireshark-amd64-20.4.4-static.tar.gz/download -O voipmonitor-sniffer.tar.gz

Direct download URLs work without portal login - ideal for automation, CI/CD, Ansible, Puppet, etc.

Advanced Installation

Legacy OS (CentOS 6, older glibc)

  1. Download the oldest available binary from the download page (better glibc compatibility)
  2. If GUI shows ionCube errors, install the "Linux glibc2.4 (64 bits)" loader from ioncube.com

Manual Development Build Upgrade

mkdir /tmp/new-sniffer && cd /tmp/new-sniffer
wget https://download.voipmonitor.org/some-development-build.tar.gz -O sniffer.tar.gz
tar xzf sniffer.tar.gz

systemctl stop voipmonitor
mv /usr/local/sbin/voipmonitor /usr/local/sbin/voipmonitor.backup
cp voipmonitor-*-static/voipmonitor /usr/local/sbin/voipmonitor
systemctl start voipmonitor

Compiling from Source (ARM64/Special Cases)

ℹ️ Note: Only for developers or when static binary is unavailable (e.g., ARM64/aarch64). 

# Install dependencies (Debian 12)
apt install git make g++ unixodbc-dev libvorbis-dev libmp3lame-dev libmpg123-dev \
    libpcap-dev libssl-dev libsnappy-dev libcurl4-openssl-dev libicu-dev libpng-dev \
    libjpeg-dev libfftw3-dev libjson-c-dev librrd-dev libglib2.0-dev libxml2-dev \
    libmariadb-dev-compat libmariadb-dev libzstd-dev liblz4-dev liblzma-dev \
    liblzo2-dev gnutls-dev libgcrypt-dev libgoogle-perftools-dev

# Clone and compile
cd /usr/src
git clone https://github.com/voipmonitor/sniffer.git
cd sniffer
./configure
make

# Install
mv /usr/local/sbin/voipmonitor /usr/local/sbin/voipmonitor.static  # backup if exists
mv /usr/src/sniffer/voipmonitor /usr/local/sbin/voipmonitor
systemctl restart voipmonitor

For automatic git-based upgrades, add to /etc/voipmonitor.conf: 

upgrade_by_git = yes
git_folder = /usr/src/sniffer

Uninstallation

systemctl stop voipmonitor
systemctl disable voipmonitor
rm -f /etc/systemd/system/voipmonitor.service
rm -f /etc/init.d/voipmonitor
rm -f /usr/local/sbin/voipmonitor
systemctl daemon-reload
mv /etc/voipmonitor.conf /etc/voipmonitor.conf.backup

⚠️ Warning: Spool directory contains PCAP files and recordings! Only delete if you no longer need this data: rm -rf /var/spool/voipmonitor

See Also

AI Summary for RAG

Summary: Step-by-step guide for installing VoIPmonitor sensor (sniffer) using pre-compiled static binaries. Process: download correct archive for architecture (64-bit, 32-bit, ARM), run install-script.sh, configure /etc/voipmonitor.conf (database, interface, id_sensor), start with systemctl. Service always runs as root. Direct download URLs (https://download.voipmonitor.org/...) work without login for automation. Covers system requirements (CPU t0 thread, RAM 2-16GB based on call volume, disk I/O), specific version downloads, legacy OS compatibility, compiling from source for ARM64, and uninstallation.

Keywords: install, installation, sniffer, sensor, static binary, install-script.sh, download, wget, systemd, systemctl, id_sensor, multi-sensor, ARM64, aarch64, Raspberry Pi, compile from source, git, upgrade_by_git, uninstall, CentOS 6, legacy, automation, CI/CD, direct download

Key Questions:

  • How do I install the VoIPmonitor sniffer?
  • Where can I download the sensor static binary?
  • How do I configure id_sensor for multi-sensor deployments?
  • What are the CPU and RAM requirements?
  • How do I start and enable the voipmonitor service?
  • What if the download URL hangs or fails?
  • How do I install on legacy CentOS 6?
  • How do I compile from source on ARM64?
  • How do I uninstall VoIPmonitor?
  • What are the direct download URLs for automation?
Retrieved from "https://www.voipmonitor.org/doc/index.php?title=Sniffer_installation&oldid=10237"