Sniffer installation: Difference between revisions

From VoIPmonitor.org
(Add Sensor ID configuration and System Resource Considerations sections)
(Undo revision 10318 by Admin (talk))
Tag: Undo
 
(22 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{DISPLAYTITLE:Sniffer Installation Guide}}
[[Category:Installation]]


'''This guide provides step-by-step instructions for installing the VoIPmonitor sensor (sniffer). The recommended method for all modern Linux distributions is to use the pre-compiled static binary.'''
'''This guide provides step-by-step instructions for installing the VoIPmonitor sensor (sniffer). The recommended method is the pre-compiled static binary.'''


== Recommended Method: Static Binary Installation ==
== Understanding VoIPmonitor Components ==
A static binary includes all necessary libraries and is the quickest and most reliable way to get the sensor running on any supported Linux distribution with a kernel version of 2.6.18 or newer.


=== Step 1: Download the Correct Archive ===
VoIPmonitor consists of two separate components:
First, download the latest stable binary for your system's architecture from the official website.


;For 64-bit (x86_64) Systems (most common):
{| class="wikitable"
<syntaxhighlight lang="bash">
|-
wget https://www.voipmonitor.org/current-stable-sniffer-static-64bit.tar.gz -O voipmonitor-sniffer.tar.gz
! Component !! Description !! Requirements
</syntaxhighlight>
|-
| '''Sniffer / Sensor''' (This Guide) || Static binary that captures and analyzes VoIP traffic. Self-contained - no web server, PHP, or local database required. || Linux (kernel 2.6.18+), root privileges
|-
| '''Web GUI''' || PHP web interface for viewing data and configuration. || Web server (Apache/Nginx), PHP, MySQL/MariaDB. See [[GUI_installation|GUI Installation Guide]]
|}
 
{{Tip|The sniffer and GUI are designed to run independently. You can deploy multiple sniffers sending data to a single central GUI, or install both on the same server for small deployments.}}
 
== Installation Overview ==
 
<kroki lang="plantuml">
@startuml
skinparam shadowing false
skinparam defaultFontName Arial
skinparam activity {
  BackgroundColor #E8F4FD
  BorderColor #4A90E2
}
 
start
:Download static binary archive;
note right: wget from voipmonitor.org
:Extract and run install-script.sh;
note right: Installs binary, config, service
:Edit /etc/voipmonitor.conf;
note right: Database, interface, id_sensor
:Start and enable service;
note right: systemctl start/enable
:Verify traffic capture;
note right: journalctl -u voipmonitor -f
stop
 
@enduml
</kroki>
 
== Step 1: Download the Static Binary ==
 
Download the archive for your system architecture:
 
{| class="wikitable"
|-
! Architecture !! Download Command
|-
| '''64-bit (x86_64)''' || <code>wget https://www.voipmonitor.org/current-stable-sniffer-static-64bit.tar.gz -O voipmonitor-sniffer.tar.gz</code>
|-
| '''32-bit (i686)''' || <code>wget https://www.voipmonitor.org/current-stable-sniffer-static-32bit.tar.gz -O voipmonitor-sniffer.tar.gz</code>
|-
| '''ARM (Raspberry Pi)''' || <code>wget https://www.voipmonitor.org/current-stable-sniffer-static-armv6k.tar.gz -O voipmonitor-sniffer.tar.gz</code>
|}
 
{{Note|If the primary URL hangs (common on Debian 11/12), use the alternative: <code>wget https://download.voipmonitor.org/current-stable-sniffer-static-64bit.tar.gz</code>}}
 
== Step 2: Extract and Install ==


;For 32-bit (i686) Systems:
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
wget https://www.voipmonitor.org/current-stable-sniffer-static-32bit.tar.gz -O voipmonitor-sniffer.tar.gz
tar xzf voipmonitor-sniffer.tar.gz
cd voipmonitor-*-static
sudo ./install-script.sh
</syntaxhighlight>
</syntaxhighlight>


;For ARMv6/v7 (e.g., Raspberry Pi):
The script installs:
<syntaxhighlight lang="bash">
* Binary to <code>/usr/local/sbin/voipmonitor</code>
wget https://www.voipmonitor.org/current-stable-sniffer-static-armv6k.tar.gz -O voipmonitor-sniffer.tar.gz
* Config to <code>/etc/voipmonitor.conf</code>
</syntaxhighlight>
* Service to <code>/etc/init.d/voipmonitor</code>


=== Step 2: Extract and Run the Install Script ===
{{Note|The service '''always runs as root''' regardless of installation prompts - this is required for packet capture privileges.}}
The downloaded archive contains an installation script that automates the setup process.
<syntaxhighlight lang="bash">
# Extract the archive
tar xzf voipmonitor-sniffer.tar.gz


# Navigate into the newly created directory
== Step 3: Configure ==
# The 'cd voipmonitor-*' command will work regardless of the exact version number
cd voipmonitor-*-static


# Run the installation script with root privileges
Edit the configuration file:
./install-script.sh
</syntaxhighlight>
The `install-script.sh` will:
* Copy the `voipmonitor` binary to `/usr/local/sbin/`.
* Copy the default configuration file to `/etc/voipmonitor.conf`.
* Copy the service startup script to `/etc/init.d/voipmonitor`.
* Attempt to enable the service to start on boot.


=== Step 3: Initial Configuration ===
After the installation, you must edit the main configuration file to connect the sensor to your database and set basic parameters.
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
nano /etc/voipmonitor.conf
nano /etc/voipmonitor.conf
</syntaxhighlight>
</syntaxhighlight>
At a minimum, configure your [[Sniffer_configuration#MySQL_Options|database connection settings]] and the [[Sniffer_configuration#Basic_Options|network interface]] to monitor.


==== Sensor ID Configuration (for Multi-Sensor Deployments) ====
Essential settings:
If you are deploying multiple sniffer instances (either on the same server with multiple network interfaces, or on different servers), you must assign a '''unique sensor ID''' to each instance.
 
{| class="wikitable"
|-
! Parameter !! Description !! Example
|-
| <code>mysqlhost</code> || Database server address || <code>192.168.1.100</code>
|-
| <code>mysqldb</code> || Database name || <code>voipmonitor</code>
|-
| <code>mysqluser</code> || Database user || <code>voipmonitor</code>
|-
| <code>mysqlpassword</code> || Database password || <code>secret</code>
|-
| <code>interface</code> || Network interface to monitor || <code>eth0</code>
|-
| <code>id_sensor</code> || Unique ID (1-65535) for multi-sensor deployments || <code>1</code>
|}
 
For complete configuration options, see [[Sniffer_configuration|Sniffer Configuration Reference]].


* Set a unique numeric identifier (1-65535) for this sensor:
=== System Resource Requirements ===
<code>id_sensor = 1</code>


* The sensor ID is stored in the <code>cdr.id_sensor</code> database column and allows you to distinguish which sensor captured each call.
{| class="wikitable"
* This is '''essential''' in multi-sensor deployments, distributed architectures, or when using the Client/Server mode.
|-
* Leave this parameter ''unset'' (default) if you only have a single sensor deployment.
! Resource !! Recommendation
|-
| '''CPU''' || Main capture thread (t0) uses 1 core. Monitor <code>t0CPU</code> - if >90%, consider faster CPU or additional sensors.
|-
| '''RAM''' || 2-4 GB for <500 calls; 8-16 GB for 2000+ calls. Account for MySQL if co-located.
|-
| '''Disk I/O''' || HDD: ~2000 concurrent calls. SSD/RAID WriteBack for higher throughput.
|-
| '''Storage''' || Plan based on [[Data_Cleaning|retention policy]] and daily call volume.
|}


For detailed information, see [[Sniffer_configuration#id_sensor|id_sensor configuration]].
For performance tuning, see [[Scaling|Scaling and Performance Tuning]].


==== System Resource Considerations ====
== Step 4: Start the Service ==
Before deploying a sniffer on a new server, ensure the server has adequate CPU, RAM, and disk I/O resources for your expected traffic load.


* '''CPU:''' The main packet capture thread (t0) runs on a single CPU core. A modern Xeon with 2+ cores is recommended for production environments. Monitor t0CPU usage in logs – if consistently above 90-95%, you may need a faster CPU or additional sensors.
<syntaxhighlight lang="bash">
* '''RAM:''' Minimum 2-4 GB is recommended for small deployments (under 500 concurrent calls). For high traffic (2000+ concurrent calls), consider 8-16 GB RAM. If MySQL/MariaDB runs on the same server, carefully allocate RAM to avoid OOM killer events. See [[Scaling|Scaling and Performance Tuning]] for detailed formulas.
systemctl start voipmonitor
* '''Disk I/O:''' If recording audio, ensure adequate disk performance. A standard 7200 RPM SATA drive can handle ~2000 concurrent calls with full recording. For higher throughput, use SSD or RAID with WriteBack cache policy.
systemctl enable voipmonitor
* '''Storage:''' Plan storage capacity based on your retention policy. Estimate space needed for PCAP files and CDR data based on average call duration and expected daily call volume.
</syntaxhighlight>


For detailed performance tuning and scaling guidance, refer to the [[Scaling|Performance Tuning and Scaling guide]].
Other commands: <code>systemctl stop voipmonitor</code>, <code>systemctl status voipmonitor</code>


=== Step 4: Service Management (systemd) ===
For advanced systemd configuration, see [[Systemd_for_voipmonitor_service_management|systemd Service Management]].
Modern Linux distributions use `systemd` to manage services. Use the following commands to control the sniffer:


;Start the service:
== Step 5: Verify ==
:<syntaxhighlight lang="bash">systemctl start voipmonitor</syntaxhighlight>
;Stop the service:
:<syntaxhighlight lang="bash">systemctl stop voipmonitor</syntaxhighlight>
;Check the service status:
:<syntaxhighlight lang="bash">systemctl status voipmonitor</syntaxhighlight>
;Enable the service to start automatically on boot:
:<syntaxhighlight lang="bash">systemctl enable voipmonitor</syntaxhighlight>


For a more detailed `systemd` service file template and advanced options, please see the [[Systemd_for_voipmonitor_service_management|systemd guide]].
<syntaxhighlight lang="bash">
# Check service status
systemctl status voipmonitor


=== Step 5: Verification ===
# Monitor live logs
After starting the service, verify that it is running correctly and capturing traffic:
journalctl -u voipmonitor -f
</syntaxhighlight>


* Check service status:
Look for output like <code>calls[X][Y] PS[...] SQLq[0]</code> confirming traffic capture.
<syntaxhighlight lang="bash">systemctl status voipmonitor</syntaxhighlight>
You should see <code>Active: active (running)</code>.


* Monitor live logs for traffic capture statistics:
If no calls appear, see [[Sniffer_troubleshooting|Sniffer Troubleshooting]].
<syntaxhighlight lang="bash">journalctl -u voipmonitor -f</syntaxhighlight>
Look for periodic output like <code>traffic[X Mb/s] calls[X] queue[0]</code> to confirm the sensor is detecting traffic on the configured network interface.


=== Troubleshooting Download Issues ===
== Downloading Specific Versions ==
If the primary download URL hangs or fails (especially on Debian 11/12), this is often caused by issues with the chain of redirects to SourceForge mirrors. In such cases, use the alternative direct download link that bypasses the redirects:
 
For specific versions or automation:


;Alternative direct download for 64-bit systems:
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
wget https://download.voipmonitor.org/current-stable-sniffer-static-64bit.tar.gz
# Specific version (replace VERSION, e.g., 2025.07.1)
</syntaxhighlight>
wget https://download.voipmonitor.org/sniffer-develop/voipmonitor-amd64-VERSION-static.tar.gz
 
# Example
wget https://download.voipmonitor.org/sniffer-develop/voipmonitor-amd64-2025.07.1-static.tar.gz


;Alternative direct download for 32-bit systems:
# Historical releases with SS7 module
<syntaxhighlight lang="bash">
wget https://sourceforge.net/projects/voipmonitor/files/20.4/voipmonitor-wireshark-amd64-20.4.4-static.tar.gz/download -O voipmonitor-sniffer.tar.gz
wget https://download.voipmonitor.org/current-stable-sniffer-static-32bit.tar.gz
</syntaxhighlight>
</syntaxhighlight>


;Alternative direct download for ARMv6/v7:
Direct download URLs work without portal login - ideal for automation, CI/CD, Ansible, Puppet, etc.
<syntaxhighlight lang="bash">
wget https://download.voipmonitor.org/current-stable-sniffer-static-armv6k.tar.gz
</syntaxhighlight>


This alternative URL provides a direct download from voipmonitor.org, avoiding the redirect chain and potential SourceForge-related issues.
== Advanced Installation ==


== Advanced & Special Installation Cases ==
=== Legacy OS (CentOS 6, older glibc) ===


=== Installing a Specific or Older Version ===
# Download the '''oldest available''' binary from the [https://www.voipmonitor.org/download-sniffer download page] (better glibc compatibility)
If you need a specific version (e.g., one that includes the Wireshark SS7 module), you can find historical releases on the [https://sourceforge.net/projects/voipmonitor/files/ VoIPmonitor SourceForge page].
# If GUI shows ionCube errors, install the "Linux glibc2.4 (64 bits)" loader from [https://www.ioncube.com/loaders.php ioncube.com]


Copy the download link for the desired file and use it with the `wget` command from Step 1.
=== Manual Development Build Upgrade ===
;Example for version 20.4.4 with the SS7 module:
<syntaxhighlight lang="bash">
wget https://sourceforge.net/projects/voipmonitor/files/20.4/voipmonitor-wireshark-amd64-20.4.4-static.tar.gz/download -O voipmonitor-sniffer.tar.gz
</syntaxhighlight>
Then proceed with the extraction and installation as described above.


=== Installing a Development Build (Manual Upgrade) ===
If instructed by the support team, you can manually upgrade to a new development build.
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
# Create a temporary directory and download the new build
mkdir /tmp/new-sniffer && cd /tmp/new-sniffer
mkdir /tmp/new-sniffer && cd /tmp/new-sniffer
wget https://download.voipmonitor.org/some-development-build.tar.gz -O sniffer.tar.gz
wget https://download.voipmonitor.org/some-development-build.tar.gz -O sniffer.tar.gz
tar xzf sniffer.tar.gz
tar xzf sniffer.tar.gz


# Stop the current service and back up the old binary
systemctl stop voipmonitor
systemctl stop voipmonitor
mv /usr/local/sbin/voipmonitor /usr/local/sbin/voipmonitor.backup
mv /usr/local/sbin/voipmonitor /usr/local/sbin/voipmonitor.backup
# Copy the new binary into place and start the service
cp voipmonitor-*-static/voipmonitor /usr/local/sbin/voipmonitor
cp voipmonitor-*-static/voipmonitor /usr/local/sbin/voipmonitor
systemctl start voipmonitor
systemctl start voipmonitor
</syntaxhighlight>
</syntaxhighlight>


=== Compiling from Source ===
=== Compiling from Source (ARM64/Special Cases) ===
For developers or special use cases, you can compile the sniffer from its source code. This is '''not''' the recommended method for most users.
;Clone the master branch (stable):
:<syntaxhighlight lang="bash">git clone https://github.com/voipmonitor/sniffer.git</syntaxhighlight>
;Or clone the develop branch (latest features):
:<syntaxhighlight lang="bash">git clone -b develop https://github.com/voipmonitor/sniffer.git</syntaxhighlight>
Then follow the instructions in the `README` file within the repository.


=== Example of compiling from the source (e.g. for arm64) ===
{{Note|Only for developers or when static binary is unavailable (e.g., ARM64/aarch64).}}
Debian12


apt install git make g++ unixodbc-dev libvorbis-dev libmp3lame-dev libmpg123-dev libpcap-dev libssl-dev libsnappy-dev libcurl4-openssl-dev libicu-dev libpng-dev libjpeg-dev libfftw3-dev libjson-c-dev librrd-dev libglib2.0-dev libxml2-dev libmariadb-dev-compat libmariadb-dev libzstd-dev liblz4-dev liblzma-dev liblzo2-dev gnutls-dev libgcrypt-dev libgoogle-perftools-dev
<syntaxhighlight lang="bash">
# Install dependencies (Debian 12)
apt install git make g++ unixodbc-dev libvorbis-dev libmp3lame-dev libmpg123-dev \
    libpcap-dev libssl-dev libsnappy-dev libcurl4-openssl-dev libicu-dev libpng-dev \
    libjpeg-dev libfftw3-dev libjson-c-dev librrd-dev libglib2.0-dev libxml2-dev \
    libmariadb-dev-compat libmariadb-dev libzstd-dev liblz4-dev liblzma-dev \
    liblzo2-dev gnutls-dev libgcrypt-dev libgoogle-perftools-dev


cd /usr/src
# Clone and compile
git clone https://github.com/voipmonitor/sniffer.git
cd /usr/src
cd sniffer
git clone https://github.com/voipmonitor/sniffer.git
./configure
cd sniffer
make
./configure
# if exists old binary
make
mv /usr/local/sbin/voipmonitor /usr/local/sbin/voipmonitor.static


  mv /usr/src/sniffer/voipmonitor /usr/local/sbin/voipmonitor
# Install
 
mv /usr/local/sbin/voipmonitor /usr/local/sbin/voipmonitor.static # backup if exists
Add these lines to the config:
mv /usr/src/sniffer/voipmonitor /usr/local/sbin/voipmonitor
systemctl restart voipmonitor
</syntaxhighlight>


For automatic git-based upgrades, add to <code>/etc/voipmonitor.conf</code>:
<syntaxhighlight lang="ini">
upgrade_by_git = yes
upgrade_by_git = yes
git_folder = /usr/src/sniffer
git_folder = /usr/src/sniffer
 
</syntaxhighlight>
AND restart:
service voipmonitor restart


== Uninstallation ==
== Uninstallation ==
To completely remove the VoIPmonitor sensor from a system, follow these steps.


=== For systemd-based Systems (Recommended) ===
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
# 1. Stop and disable the service
systemctl stop voipmonitor
systemctl stop voipmonitor
systemctl disable voipmonitor
systemctl disable voipmonitor
# 2. Remove the service files and binary
rm -f /etc/systemd/system/voipmonitor.service
rm -f /etc/systemd/system/voipmonitor.service
rm -f /etc/init.d/voipmonitor
rm -f /etc/init.d/voipmonitor
rm -f /usr/local/sbin/voipmonitor
rm -f /usr/local/sbin/voipmonitor
# 3. Reload systemd to apply changes
systemctl daemon-reload
systemctl daemon-reload
mv /etc/voipmonitor.conf /etc/voipmonitor.conf.backup
</syntaxhighlight>


# 4. (Optional) Back up and remove the configuration file
{{Warning|1='''Spool directory contains PCAP files and recordings!''' Only delete if you no longer need this data: <code>rm -rf /var/spool/voipmonitor</code>}}
mv /etc/voipmonitor.conf /etc/voipmonitor.conf.backup


# 5. (Optional) Delete the spool directory (contains all captured data)
== See Also ==
# WARNING: This is irreversible!
# rm -rf /var/spool/voipmonitor
</syntaxhighlight>


=== For older SysV-based Systems ===
* [[Sniffer_configuration|Sniffer Configuration Reference]]
Run the following commands to stop the service and remove its files:
* [[Sniffer_troubleshooting|Sniffer Troubleshooting]]
<syntaxhighlight lang="bash">
* [[Sniffer_distributed_architecture|Distributed Architecture: Client-Server Mode]]
/etc/init.d/voipmonitor stop
* [[Scaling|Scaling and Performance Tuning]]
update-rc.d voipmonitor remove
* [[Data_Cleaning|Data Cleaning and Retention]]
rm -f /etc/init.d/voipmonitor
* [[Systemd_for_voipmonitor_service_management|systemd Service Management]]
rm -f /usr/local/sbin/voipmonitor
mv /etc/voipmonitor.conf /etc/voipmonitor.conf.backup
</syntaxhighlight>


== AI Summary for RAG ==
== AI Summary for RAG ==
'''Summary:''' This guide provides a step-by-step process for installing the VoIPmonitor sensor (sniffer). The primary and recommended method is using the pre-compiled static binary, which involves downloading the correct archive for the system architecture (64-bit, 32-bit, or ARM), extracting it, and running the included `install-script.sh`. The guide details the post-installation steps: editing `/etc/voipmonitor.conf`, configuring the sensor ID for multi-sensor deployments (`id_sensor`), verifying system resource requirements (CPU, RAM, disk I/O, storage), managing the service with `systemctl` (start, stop, enable), and monitoring live logs for traffic capture verification. For download issues on Debian 11/12 or other systems where the primary URL fails or hangs due to SourceForge redirect issues, an alternative direct download URL is available at `https://download.voipmonitor.org/` which bypasses the redirect chain. It also covers advanced scenarios, such as installing a specific older version from SourceForge, manually upgrading to a development build, and compiling from source via `git clone`. Finally, it provides complete uninstallation procedures for both modern `systemd` systems and older `SysV` systems, including commands to remove binaries, configuration files, and service links.
 
'''Keywords:''' install, installation, setup, sniffer, sensor, static binary, install-script.sh, download, wget, tar.gz, systemd, systemctl, enable on boot, start service, id_sensor, sensor ID, multi-sensor deployment, unique sensor, system resources, CPU, RAM, disk I/O, storage, performance, monitoring, t0CPU, verify, traffic capture, verify logs, compile from source, git, development build, upgrade, uninstall, remove, SysV, init.d, arm, x86_64, download issues, redirect, SourceForge, alternative download URL
'''Summary:''' Step-by-step guide for installing VoIPmonitor sensor (sniffer) using pre-compiled static binaries. Process: download correct archive for architecture (64-bit, 32-bit, ARM), run <code>install-script.sh</code>, configure <code>/etc/voipmonitor.conf</code> (database, interface, id_sensor), start with systemctl. Service always runs as root. Direct download URLs (<code>https://download.voipmonitor.org/...</code>) work without login for automation. Covers system requirements (CPU t0 thread, RAM 2-16GB based on call volume, disk I/O), specific version downloads, legacy OS compatibility, compiling from source for ARM64, and uninstallation.
 
'''Keywords:''' install, installation, sniffer, sensor, static binary, install-script.sh, download, wget, systemd, systemctl, id_sensor, multi-sensor, ARM64, aarch64, Raspberry Pi, compile from source, git, upgrade_by_git, uninstall, CentOS 6, legacy, automation, CI/CD, direct download
 
'''Key Questions:'''
'''Key Questions:'''
* How do I install the VoIPmonitor sniffer?
* How do I install the VoIPmonitor sniffer?
* What is the recommended way to install VoIPmonitor?
* Where can I download the sensor static binary?
* Where can I download the latest static binary for the sensor?
* How do I configure id_sensor for multi-sensor deployments?
* What does the `install-script.sh` do?
* What are the CPU and RAM requirements?
* How do I configure a unique sensor ID for multi-sensor deployments?
* How do I start and enable the voipmonitor service?
* What is id_sensor and when is it required?
* What if the download URL hangs or fails?
* What are the minimum CPU and RAM requirements for VoIPmonitor?
* How do I install on legacy CentOS 6?
* How much disk space and I/O do I need for VoIPmonitor?
* How do I compile from source on ARM64?
* How do I start the voipmonitor service and enable it on boot?
* How do I uninstall VoIPmonitor?
* How do I verify the sniffer is capturing network traffic?
* What are the direct download URLs for automation?
* How can I install an older version of the sniffer?
* How do I completely uninstall or remove the VoIPmonitor sensor?
* What do I do if the wget download hangs or fails on Debian 11/12?
* What is the alternative direct download URL if the primary URL fails?
* How to compile the sniffer from source code?

Latest revision as of 11:18, 9 January 2026


This guide provides step-by-step instructions for installing the VoIPmonitor sensor (sniffer). The recommended method is the pre-compiled static binary.

Understanding VoIPmonitor Components

VoIPmonitor consists of two separate components:

Component Description Requirements
Sniffer / Sensor (This Guide) Static binary that captures and analyzes VoIP traffic. Self-contained - no web server, PHP, or local database required. Linux (kernel 2.6.18+), root privileges
Web GUI PHP web interface for viewing data and configuration. Web server (Apache/Nginx), PHP, MySQL/MariaDB. See GUI Installation Guide

💡 Tip: The sniffer and GUI are designed to run independently. You can deploy multiple sniffers sending data to a single central GUI, or install both on the same server for small deployments.

Installation Overview

Step 1: Download the Static Binary

Download the archive for your system architecture:

Architecture Download Command
64-bit (x86_64) wget https://www.voipmonitor.org/current-stable-sniffer-static-64bit.tar.gz -O voipmonitor-sniffer.tar.gz
32-bit (i686) wget https://www.voipmonitor.org/current-stable-sniffer-static-32bit.tar.gz -O voipmonitor-sniffer.tar.gz
ARM (Raspberry Pi) wget https://www.voipmonitor.org/current-stable-sniffer-static-armv6k.tar.gz -O voipmonitor-sniffer.tar.gz

ℹ️ Note: If the primary URL hangs (common on Debian 11/12), use the alternative: wget https://download.voipmonitor.org/current-stable-sniffer-static-64bit.tar.gz

Step 2: Extract and Install

tar xzf voipmonitor-sniffer.tar.gz
cd voipmonitor-*-static
sudo ./install-script.sh

The script installs:

  • Binary to /usr/local/sbin/voipmonitor
  • Config to /etc/voipmonitor.conf
  • Service to /etc/init.d/voipmonitor

ℹ️ Note: The service always runs as root regardless of installation prompts - this is required for packet capture privileges.

Step 3: Configure

Edit the configuration file: 

nano /etc/voipmonitor.conf

Essential settings:

Parameter Description Example
mysqlhost Database server address 192.168.1.100
mysqldb Database name voipmonitor
mysqluser Database user voipmonitor
mysqlpassword Database password secret
interface Network interface to monitor eth0
id_sensor Unique ID (1-65535) for multi-sensor deployments 1

For complete configuration options, see Sniffer Configuration Reference.

System Resource Requirements

Resource Recommendation
CPU Main capture thread (t0) uses 1 core. Monitor t0CPU - if >90%, consider faster CPU or additional sensors.
RAM 2-4 GB for <500 calls; 8-16 GB for 2000+ calls. Account for MySQL if co-located.
Disk I/O HDD: ~2000 concurrent calls. SSD/RAID WriteBack for higher throughput.
Storage Plan based on retention policy and daily call volume.

For performance tuning, see Scaling and Performance Tuning.

Step 4: Start the Service

systemctl start voipmonitor
systemctl enable voipmonitor

Other commands: systemctl stop voipmonitor, systemctl status voipmonitor

For advanced systemd configuration, see systemd Service Management.

Step 5: Verify

# Check service status
systemctl status voipmonitor

# Monitor live logs
journalctl -u voipmonitor -f

Look for output like calls[X][Y] PS[...] SQLq[0] confirming traffic capture.

If no calls appear, see Sniffer Troubleshooting.

Downloading Specific Versions

For specific versions or automation: 

# Specific version (replace VERSION, e.g., 2025.07.1)
wget https://download.voipmonitor.org/sniffer-develop/voipmonitor-amd64-VERSION-static.tar.gz

# Example
wget https://download.voipmonitor.org/sniffer-develop/voipmonitor-amd64-2025.07.1-static.tar.gz

# Historical releases with SS7 module
wget https://sourceforge.net/projects/voipmonitor/files/20.4/voipmonitor-wireshark-amd64-20.4.4-static.tar.gz/download -O voipmonitor-sniffer.tar.gz

Direct download URLs work without portal login - ideal for automation, CI/CD, Ansible, Puppet, etc.

Advanced Installation

Legacy OS (CentOS 6, older glibc)

  1. Download the oldest available binary from the download page (better glibc compatibility)
  2. If GUI shows ionCube errors, install the "Linux glibc2.4 (64 bits)" loader from ioncube.com

Manual Development Build Upgrade

mkdir /tmp/new-sniffer && cd /tmp/new-sniffer
wget https://download.voipmonitor.org/some-development-build.tar.gz -O sniffer.tar.gz
tar xzf sniffer.tar.gz

systemctl stop voipmonitor
mv /usr/local/sbin/voipmonitor /usr/local/sbin/voipmonitor.backup
cp voipmonitor-*-static/voipmonitor /usr/local/sbin/voipmonitor
systemctl start voipmonitor

Compiling from Source (ARM64/Special Cases)

ℹ️ Note: Only for developers or when static binary is unavailable (e.g., ARM64/aarch64). 

# Install dependencies (Debian 12)
apt install git make g++ unixodbc-dev libvorbis-dev libmp3lame-dev libmpg123-dev \
    libpcap-dev libssl-dev libsnappy-dev libcurl4-openssl-dev libicu-dev libpng-dev \
    libjpeg-dev libfftw3-dev libjson-c-dev librrd-dev libglib2.0-dev libxml2-dev \
    libmariadb-dev-compat libmariadb-dev libzstd-dev liblz4-dev liblzma-dev \
    liblzo2-dev gnutls-dev libgcrypt-dev libgoogle-perftools-dev

# Clone and compile
cd /usr/src
git clone https://github.com/voipmonitor/sniffer.git
cd sniffer
./configure
make

# Install
mv /usr/local/sbin/voipmonitor /usr/local/sbin/voipmonitor.static  # backup if exists
mv /usr/src/sniffer/voipmonitor /usr/local/sbin/voipmonitor
systemctl restart voipmonitor

For automatic git-based upgrades, add to /etc/voipmonitor.conf: 

upgrade_by_git = yes
git_folder = /usr/src/sniffer

Uninstallation

systemctl stop voipmonitor
systemctl disable voipmonitor
rm -f /etc/systemd/system/voipmonitor.service
rm -f /etc/init.d/voipmonitor
rm -f /usr/local/sbin/voipmonitor
systemctl daemon-reload
mv /etc/voipmonitor.conf /etc/voipmonitor.conf.backup

⚠️ Warning: Spool directory contains PCAP files and recordings! Only delete if you no longer need this data: rm -rf /var/spool/voipmonitor

See Also

AI Summary for RAG

Summary: Step-by-step guide for installing VoIPmonitor sensor (sniffer) using pre-compiled static binaries. Process: download correct archive for architecture (64-bit, 32-bit, ARM), run install-script.sh, configure /etc/voipmonitor.conf (database, interface, id_sensor), start with systemctl. Service always runs as root. Direct download URLs (https://download.voipmonitor.org/...) work without login for automation. Covers system requirements (CPU t0 thread, RAM 2-16GB based on call volume, disk I/O), specific version downloads, legacy OS compatibility, compiling from source for ARM64, and uninstallation.

Keywords: install, installation, sniffer, sensor, static binary, install-script.sh, download, wget, systemd, systemctl, id_sensor, multi-sensor, ARM64, aarch64, Raspberry Pi, compile from source, git, upgrade_by_git, uninstall, CentOS 6, legacy, automation, CI/CD, direct download

Key Questions:

  • How do I install the VoIPmonitor sniffer?
  • Where can I download the sensor static binary?
  • How do I configure id_sensor for multi-sensor deployments?
  • What are the CPU and RAM requirements?
  • How do I start and enable the voipmonitor service?
  • What if the download URL hangs or fails?
  • How do I install on legacy CentOS 6?
  • How do I compile from source on ARM64?
  • How do I uninstall VoIPmonitor?
  • What are the direct download URLs for automation?
Retrieved from "https://www.voipmonitor.org/doc/index.php?title=Sniffer_installation&oldid=10321"