Testingpage: Difference between revisions
Tags: Undo Reverted |
No edit summary Tag: Manual revert |
||
| Line 1: | Line 1: | ||
= | === Investigating Specific Missing Calls === | ||
If you have a list of specific phone numbers that should have been recorded but are missing from the CDR database, use this workflow to determine whether the traffic reached the sensor. | |||
'''Step 1: Capture SIP traffic on the VoIPmonitor server''' | |||
Capture SIP traffic to a PCAP file for analysis: | |||
<syntaxhighlight lang="bash"> | |||
as | # Capture SIP traffic (adjust interface and port as needed) | ||
tcpdump -i any -nn -s0 -w /tmp/sip_capture.pcap port 5060 | |||
# Let it run during the time when missing calls occur, then stop with Ctrl+C | |||
</syntaxhighlight> | |||
'''Step 2: Identify missing numbers and approximate call times''' | |||
From your input list, note the specific phone numbers and their approximate call times that are missing from the database. | |||
'''Step 3: Use tshark to find Call-IDs for missing numbers''' | |||
Search the capture file for SIP INVITE messages containing the missing numbers: | |||
<syntaxhighlight lang="bash"> | |||
# Find Call-IDs for a specific missing number | |||
tshark -r /tmp/sip_capture.pcap -Y "sip.Method == INVITE && sip contains \"NUMBER\"" -T fields -e sip.Call-ID | |||
# Replace NUMBER with the actual phone number (e.g., 5551234567) | |||
</syntaxhighlight> | |||
This returns the Call-IDs for calls involving that number. | |||
'''Step 4: Search for Call-IDs in the VoIPmonitor GUI''' | |||
Use the GUI search function to look for each Call-ID found in Step 3: | |||
* Navigate to the CDR view | |||
* Use the search/filter to find calls by Call-ID | |||
* If the Call-ID is found, the call was processed but may be filtered or in a different time range | |||
* If the Call-ID is NOT found, the sensor did not process the call | |||
'''Step 5: Determine the root cause''' | |||
* '''If packets are NOT found in the capture file''': Traffic is not being delivered to the sensor. Check network topology and port mirroring/SPAN configuration. See [[Sniffing_modes]] for SPAN setup. | |||
* '''If packets ARE found in capture but Call-IDs are NOT in GUI''': Sensor received traffic but did not process the calls. Check [[#Missing id_sensor Parameter|id_sensor configuration]], [[#GUI Capture Rules Blocking|capture rules]], or [[Database_troubleshooting|database issues]]. | |||
'''Step 6: Verify record counts with SQL query''' | |||
To verify the number of CDRs for a specific time range: | |||
<syntaxhighlight lang="sql"> | |||
-- Count CDRs for a specific time range | |||
SELECT count(*) FROM cdr | |||
WHERE calldate >= 'YYYY-MM-DD HH:MM:SS' | |||
AND calldate < 'YYYY-MM-DD HH:MM:SS'; | |||
-- For cdr_next table (if using partitioned schema) | |||
SELECT count(*) FROM cdr_next | |||
WHERE cdr_ID IN (SELECT ID FROM cdr | |||
WHERE calldate >= 'YYYY-MM-DD HH:MM:SS' | |||
AND calldate < 'YYYY-MM-DD HH:MM:SS'); | |||
</syntaxhighlight> | |||
{{Tip|This workflow helps distinguish between network delivery issues (packets never reach sensor) and sensor processing issues (packets arrive but are not recorded).}} | |||
Revision as of 00:59, 12 January 2026
Investigating Specific Missing Calls
If you have a list of specific phone numbers that should have been recorded but are missing from the CDR database, use this workflow to determine whether the traffic reached the sensor.
Step 1: Capture SIP traffic on the VoIPmonitor server
Capture SIP traffic to a PCAP file for analysis:
# Capture SIP traffic (adjust interface and port as needed)
tcpdump -i any -nn -s0 -w /tmp/sip_capture.pcap port 5060
# Let it run during the time when missing calls occur, then stop with Ctrl+C
Step 2: Identify missing numbers and approximate call times
From your input list, note the specific phone numbers and their approximate call times that are missing from the database.
Step 3: Use tshark to find Call-IDs for missing numbers
Search the capture file for SIP INVITE messages containing the missing numbers:
# Find Call-IDs for a specific missing number
tshark -r /tmp/sip_capture.pcap -Y "sip.Method == INVITE && sip contains \"NUMBER\"" -T fields -e sip.Call-ID
# Replace NUMBER with the actual phone number (e.g., 5551234567)
This returns the Call-IDs for calls involving that number.
Step 4: Search for Call-IDs in the VoIPmonitor GUI
Use the GUI search function to look for each Call-ID found in Step 3:
- Navigate to the CDR view
- Use the search/filter to find calls by Call-ID
- If the Call-ID is found, the call was processed but may be filtered or in a different time range
- If the Call-ID is NOT found, the sensor did not process the call
Step 5: Determine the root cause
- If packets are NOT found in the capture file: Traffic is not being delivered to the sensor. Check network topology and port mirroring/SPAN configuration. See Sniffing_modes for SPAN setup.
- If packets ARE found in capture but Call-IDs are NOT in GUI: Sensor received traffic but did not process the calls. Check id_sensor configuration, capture rules, or database issues.
Step 6: Verify record counts with SQL query
To verify the number of CDRs for a specific time range:
-- Count CDRs for a specific time range
SELECT count(*) FROM cdr
WHERE calldate >= 'YYYY-MM-DD HH:MM:SS'
AND calldate < 'YYYY-MM-DD HH:MM:SS';
-- For cdr_next table (if using partitioned schema)
SELECT count(*) FROM cdr_next
WHERE cdr_ID IN (SELECT ID FROM cdr
WHERE calldate >= 'YYYY-MM-DD HH:MM:SS'
AND calldate < 'YYYY-MM-DD HH:MM:SS');
💡 Tip: This workflow helps distinguish between network delivery issues (packets never reach sensor) and sensor processing issues (packets arrive but are not recorded).