Manual PCAP Extraction from spooldir: Difference between revisions

From VoIPmonitor.org
Jump to navigation Jump to search
Line 30: Line 30:




Returned:
'''Returned:'''
  pos: 0
  pos: 0
  pos: 164352
  pos: 164352
Line 39: Line 39:
Second we use positions returned from db to '''export RTP and unLZO''' using voipmonitor binary:
Second we use positions returned from db to '''export RTP and unLZO''' using voipmonitor binary:
  /usr/local/sbin/voipmonitor -kc -d /var/spool/voipmonitor/ --untar-gui='/var/spool/voipmonitor//2016-08-23/16/37/RTP/rtp_2016-08-23-16-37.tar CwA8j-SNSN.pcap 0,164352,328704,493056 /tmp/exprtp.pcap
  /usr/local/sbin/voipmonitor -kc -d /var/spool/voipmonitor/ --untar-gui='/var/spool/voipmonitor//2016-08-23/16/37/RTP/rtp_2016-08-23-16-37.tar CwA8j-SNSN.pcap 0,164352,328704,493056 /tmp/exprtp.pcap


== Export pcap file when LZO compression disabled for RTP in config ==
== Export pcap file when LZO compression disabled for RTP in config ==

Revision as of 17:34, 23 August 2016

Notes

RTP format: With default config shipped with latest voipmonitor sensor, is RTP compression enabled into LZO in time of capture - those LZOed files are tared into RTP archives based on date-hourminute of a call start and its call's call-id.

option pcap_dump_zip_rtp = lzo

SIP format: With default config shipped with latest voipmonitor sensor, is SIP compression enabled after tar archive was created:

option tar_compress_sip = gzip

Export pcap file with default config used

precondition

call needs to be captured with sensor's compression settings like in default voipmonitor.conf

pcap_dump_zip_rtp = lzo
option tar_compress_sip = gzip

Information needed for export from CDR detail

You will need:

1.CDR.id (103)
2.Date time of a call start (2016-08-23 16:37:38)
3.Call-ID (CwA8j-SNSN)
4.Location of your spooldir ('spooldir' option is defined in /etc/voipmonitor.conf)

example :

export SIP pcap

From spooldir location (by default its '/var/spool/voipmonitor' and calldate start '2016-08-23 16:37:38' in example and from CALL-ID header 'CwA8j-SNSN' you can write command:

tar --wildcards -xOf '/var/spool/voipmonitor/2016-08-23/16/37/SIP/sip_2016-08-23-16-37.tar.gz' 'CwA8j-SNSN.pcap*' /tmp/expsip.pcap

export RTP pcap

First we will need to get lzo positions from database (calldate start '2016-08-23 16:37:38'in example and from CALL-ID header 'CwA8j-SNSN' you can write a query), type=2 (means RTP filetype):

mysql> SELECT pos FROM voipmonitor.cdr_tar_part where cdr_id = 103 and type = 2 and calldate = '2016-08-23 16:37:38';


Returned:

pos: 0
pos: 164352
pos: 328704
pos: 493056
4 rows in set (0,00 sec)

Second we use positions returned from db to export RTP and unLZO using voipmonitor binary:

/usr/local/sbin/voipmonitor -kc -d /var/spool/voipmonitor/ --untar-gui='/var/spool/voipmonitor//2016-08-23/16/37/RTP/rtp_2016-08-23-16-37.tar CwA8j-SNSN.pcap 0,164352,328704,493056 /tmp/exprtp.pcap

Export pcap file when LZO compression disabled for RTP in config

preconditions

call captured when sensor's compression settings changed from default voipmonitor.conf

pcap_dump_zip_rtp = no
option tar_compress_sip = gzip

info needed to collect from cdr

Call-ID
Date time of a call start 

export SIP pcap

tar --wildcards -xOf '/var/spool/voipmonitor/2016-08-23/15/27/SIP/sip_2016-08-23-15-27.tar' 'R3YqlN7pnY.pcap*' > ./exportSIP.pcap

export RTP pcap

tar --wildcards -xOf '/var/spool/voipmonitor/2016-08-23/15/27/RTP/rtp_2016-08-23-15-27.tar' 'R3YqlN7pnY.pcap*' > ./exportRTP.pcap

merge SIP and RTP into one file

mergecap -w /tmp/export.pcap /tmp/exportSIP.pcap /tmp/exportRTP.pcap