Call Detail Record - CDR

From VoIPmonitor.org
Revision as of 16:48, 8 January 2026 by Admin (Rewrite: streamlined structure, reduced redundancy (872→342 lines), preserved all key information)


This guide covers the Call Detail Record (CDR) interface in the VoIPmonitor GUI: searching, filtering, and analyzing captured calls.

What is a CDR?

A Call Detail Record (CDR) contains information about a single telephone call:

  • Call timing (start time, duration, connect time)
  • Participant information (caller/called numbers, IP addresses, SIP agents)
  • Signaling details (SIP messages, final response codes)
  • Quality metrics (MOS scores, packet loss, jitter/delay)
  • Media information (codecs, RTP stream data)

How CDR Fields Are Populated

VoIPmonitor populates CDR fields from the SIP INVITE packet:

Field | Source
Calling Number | From header
Called Number | To header (default) or Request-URI
Caller IP | Source IP of INVITE packet
Called IP | Destination IP of INVITE packet

Configuring Destination Number Source

Control where the called number is extracted from using destination_number_mode in voipmonitor.conf:

Value | Behavior
1 (default) | From To header
2 | From INVITE Request-URI

ℹ️ Note: If caller/called numbers appear "inverted", verify the SIP flow in the SIP History tab - this often indicates callback scenarios where the PBX initiates the call.

Understanding the Main CDR View

The CDR view has three main sections: the CDR List, the Button Panel, and the Dashboard.

The CDR List

Title Bar & Timezone

The title bar displays the current time range. Click dates to quickly change the filter.

Timezone hierarchy (check in this order if times appear incorrect):

  1. Storage (Sniffer): utc and timezone in voipmonitor.conf
  2. GUI Settings: Settings > System Configuration > National > Timezone
  3. Display (CDR View): Timezone selector in top-right corner (user-specific)

Button Panel

Filter Form

The Filter Form is the most powerful feature for finding specific calls.

Common Tab

  • Participant Filters: Search by Number, IP, or Domain
    • Use % as wildcard (e.g., 222% for numbers starting with 222)
    • Use , for multiple values, ! for negation
  • Email-formatted SIP addresses: For addresses like anonymous@anonymous.invalid:
    • Enter user part (anonymous) in the Number field
    • Enter domain part (anonymous.invalid) in the Domain field
  • Regular Expressions: Use R() syntax:
    • R(^500[0-9]{4}$) - matches 7-digit numbers starting with 500
    • !R(^[+]?[0-9]+$) - find non-numeric caller numbers
    • R(17145787[2-9]) - number ranges
  • IP Address Include Proxy: Check this box to include proxy chain IPs (from cdrproxy) in the filter
  • SIP Filters:
    • Last SIP Response Code - e.g., 487 or 4% for all 4xx
    • SIP requests - filter by method and count (e.g., INVITE count >= 3 for retransmissions)
    • SIP responses - search full response text

⚠️ Warning: SIP requests filter requires save_sip_history = all or requests. SIP responses filter requires save_sip_history = responses or save_sip_responses = yes.
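
The participant filter terms above can be previewed offline before they are typed into the Filter Form. This Python code is an added example, not VoIPmonitor code: `term_matches`, `preview` and the sample numbers are constructed, Python's `re` stands in for the GUI's regex engine, and R() is assumed to match anywhere in the value unless the pattern is anchored.

```python
# Added example (not VoIPmonitor code): preview which values one Filter Form
# term would select. Assumptions: Python's re stands in for the GUI's regex
# engine, R() matches anywhere in the value unless anchored, and % behaves
# like a SQL LIKE wildcard over the whole value.
import re

# Constructed caller numbers for the preview.
SAMPLES = ["5001234", "50012345", "+14155550100", "anonymous",
           "1000;phone-context=x", "17145787255", "9917145787300"]


def term_matches(term, value):
    """Evaluate a single term: [!]R(regex) or [!]literal containing %."""
    negate = term.startswith("!")
    if negate:
        term = term[1:]
    if term.startswith("R(") and term.endswith(")"):
        # Regex term: search semantics, so ^ and $ must be written explicitly.
        hit = re.search(term[2:-1], value) is not None
    else:
        # Wildcard term: % expands to "any run of characters", rest is literal.
        like = ".*".join(re.escape(part) for part in term.split("%"))
        hit = re.fullmatch(like, value) is not None
    return hit != negate


def preview(term, values=SAMPLES):
    """Return the values the term would keep, in input order."""
    return [v for v in values if term_matches(term, v)]


if __name__ == "__main__":
    for term in ("R(^500[0-9]{4}$)", "!R(^[+]?[0-9]+$)",
                 "R(17145787[2-9])", "R(^17145787[2-9])", "500%"):
        print(f"{term:22} -> {preview(term)}")
```

Under these assumptions the unanchored range pattern also selects a longer number that merely contains the range; adding ^ restricts it to numbers that begin with it.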

Finding re-INVITE Calls

Method 1: SIP Requests Count

  • Filter Form > Common > SIP requests: INVITE >= 3

Method 2: Custom Headers (more precise)

  • Configure CDR Custom Headers to capture the To header tag
  • Filter by ToTag = % (present = re-INVITE) or ToTag = NULL (absent)

RTP Tab

Filter by quality metrics:

  • RTP IP/Port: Filter by media endpoint addresses
  • MOS: Find calls below a threshold
  • PDV (Jitter): Filter by delay events in specific intervals
  • Loss: Filter by consecutive packet loss patterns
  • Last RTP from Last SIP: Find calls where RTP ended before final SIP (early media stops)

Quick Filters

Access shortcuts for common searches and saved filter templates.

Saving filter templates:

  1. Apply filter criteria
  2. Click Save filter template button
  3. Name your template

Combining templates (OR logic):

  1. Open Filter Form > Combination subtab
  2. Select multiple saved templates
  3. Results show calls matching ANY selected template

Menu

  • Delete: Remove selected CDRs and files
  • Export CSV: Export current view
  • Batch download audio: Download audio for displayed CDRs (limit: 100 records)
  • Create merged PCAP: Combine selected CDRs into one PCAP

💡 Tip: For multi-page exports: create per-page PCAPs, then merge with mergecap -w combined.pcap *.pcap (available at /var/www/html/bin/mergecap-* or via wireshark-common package).

Selecting multiple rows:

  • CTRL+Click - select specific rows
  • SHIFT+Click - select range

CDR List Columns

Key Columns

Column | Description
ID | Unique record identifier
Sensor ID | Capturing sensor name
Datetime | Call start time
Duration (PDD) / Codec | Total duration, Post-Dial Delay, codec
Caller/Called Info | Number, Name, IP, Agent. Red flag indicates BYE sender
Last Response | Final SIP response code
RTP IP Addresses | Source IPs and ports for both legs

Quality Columns

  • MOS Column: Three parametric scores (see Quality Guide):
    • F1: Fixed 50ms jitter buffer
    • F2: Fixed 200ms jitter buffer
    • Adapt: Adaptive jitter buffer (up to 500ms)
  • Delay Column: Color-coded packet delay variation distribution
  • Loss Column: Color-coded consecutive packet loss (red = burst losses)
  • RTCP Column: Endpoint-reported jitter and loss
  • PRICE Column: Billing costs (hidden by default, enable via column selector)

Sniffer Loss vs RTCP Loss

Scenario | Likely Cause
RTCP loss > Sniffer loss | Network issue after the sniffer (Wi-Fi, last-mile)
Sniffer loss > RTCP loss | Monitoring point overload or RTCP reports not captured

Understanding Last SIP Response

ℹ️ Note: If a call shows 200 OK AND an error code (5xx/4xx), check the Duration: if > 0, the call connected successfully and the error appears in the BYE packet's Reason header (termination reason).

Finding termination reason:

  1. Expand CDR detail > SIP History tab
  2. Find the BYE packet
  3. Click magnifying glass to expand
  4. Look for Reason header

The CDR Detail View

Click the [+] icon on any CDR row to expand the detail view.

Summary Tab

Call Quality Graph

  • Each vertical line = packet group
  • Colored dot = median delay (jitter)
  • Red lines at top = packet loss
  • Clock drift: A steadily climbing/descending graph indicates clock issues, not necessarily network problems

Why high delay causes loss: When packets arrive later than the jitter buffer capacity (typically 50-200ms), they're skipped during playback - detected as packet loss.

Received Packets

Shows packets VoIPmonitor received FROM each endpoint:

Field | Meaning
Caller > Received Packets | Packets from caller (A-leg)
Called > Received Packets | Packets from called party (B-leg)

An empty value indicates a one-way stream (no packets captured from that endpoint).

DTMF Section

Shows DTMF digits when capture is enabled:

  • dtmf2db = yes - SIP INFO and RFC 2833
  • inbanddtmf = yes - In-band G.711 (CPU intensive)

RTP Stream Used in Another Call

This informational message indicates the RTP IP:port combination was reused across sessions. Common with aggressive port reuse by PBXs. Not an error.

SIP History Tab

Wireshark-like view of call signaling:

  • Sequence Diagram: Visual SIP message flow
  • Message Table: Text list of all messages
  • Packet Detail: Click magnifying glass for decoded packet tree

Viewing SDP Data

ℹ️ Note: Basic RTP IP/port information is displayed by default in CDR columns - no configuration required. Only advanced SDP inspection requires save_sip_history = all.

To view detailed SDP:

  1. SIP History tab > click INVITE packet
  2. Click magnifying glass to expand
  3. Scroll to SDP section

SDP shows:

  • c= - connection lines (media IPs)
  • m= - media description (ports)
  • a= - attributes (codecs, encryption)

Legs by CID / Legs by Header Tabs

For correlating related call legs. See Merging_or_correlating_multiple_call_legs for details.

  • Legs by CID: Finds calls sharing last 6 digits of From header within seconds
  • Legs by Header: Correlates by custom SIP header (configured via match_header)

💡 Tip: When investigating 487 "Request Cancelled" responses, use Legs by CID to see all related legs - the answered leg shows 200 OK, cancelled legs show 487 (normal forking behavior).

Charts Tab

Displays charts in context of the selected call (e.g., trends for that caller number).

Map Tab

Geolocates source/destination SIP IPs using a GeoIP service.

Dashboard Panels

Bottom panels provide aggregated views:

  • Group By: Last SIP Response, Codec, SIP IP, or IP Groups
  • Charts: Pie chart of grouped data
  • Filters: Click any item to apply as filter

Trend Analysis: Group by SIP IP to visualize call volume trends for capacity planning. See Alerts for trend-based alerting.

Limitations

Media Encryption Filtering

Type | Support | Verification
SRTP/DTLS-SRTP | Supported (can decrypt) | Check SDP for a=crypto or a=fingerprint
ZRTP | Not supported | Cannot monitor ZRTP calls

⚠️ Warning: There is no filter for media encryption type. Verify manually via SDP in SIP History tab.
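
Because the check is manual, SDP text copied from the SIP History tab can be classified with a short script that applies the a=crypto / a=fingerprint test to each m= section, using the c= and m= lines described under Viewing SDP Data. This Python code is an added example, not VoIPmonitor code; `classify_sdp`, its labels and the sample SDP bodies (documentation IPs, placeholder key material) are constructed.

```python
# Added example (not VoIPmonitor code): label each SDP media section by the
# a=crypto / a=fingerprint check. All SDP bodies below are constructed.
PLAIN = "v=0\r\nc=IN IP4 192.0.2.10\r\nm=audio 40000 RTP/AVP 0 8\r\na=rtpmap:0 PCMU/8000\r\n"
SDES = ("v=0\r\nc=IN IP4 192.0.2.10\r\nm=audio 40002 RTP/SAVP 0\r\n"
        "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-PLACEHOLDER\r\n")
DTLS = ("v=0\r\na=fingerprint:sha-256 CONSTRUCTED:PLACEHOLDER\r\n"
        "m=audio 40004 UDP/TLS/RTP/SAVP 0\r\nc=IN IP4 198.51.100.7\r\na=setup:actpass\r\n")


def classify_sdp(sdp):
    """Return one dict per m= section: media, ip, port, proto, encryption."""
    session = {"ip": None, "attrs": set()}
    sections, current = [], session
    for raw in sdp.splitlines():
        line = raw.strip()
        if len(line) < 3 or line[1] != "=":
            continue                      # not a <type>=<value> SDP line
        kind, value = line[0], line[2:]
        if kind == "m":                   # m=<media> <port> <proto> <fmt> ...
            parts = value.split()
            if len(parts) < 3 or not parts[1].split("/")[0].isdigit():
                continue
            current = {"media": parts[0], "port": int(parts[1].split("/")[0]),
                       "proto": parts[2], "ip": None, "attrs": set()}
            sections.append(current)
        elif kind == "c":                 # c=<nettype> <addrtype> <address>
            fields = value.split()
            if len(fields) == 3:
                current["ip"] = fields[2]
        elif kind == "a":                 # a=<name>[:<value>]
            current["attrs"].add(value.split(":", 1)[0].lower())
    results = []
    for sec in sections:
        if "crypto" in sec["attrs"]:
            enc = "SRTP (a=crypto)"
        elif "fingerprint" in sec["attrs"] | session["attrs"]:
            enc = "DTLS-SRTP (a=fingerprint)"   # fingerprint may be session-level
        else:
            enc = "none"
        results.append({"media": sec["media"], "ip": sec["ip"] or session["ip"],
                        "port": sec["port"], "proto": sec["proto"], "encryption": enc})
    return results


if __name__ == "__main__":
    for name, body in (("plain", PLAIN), ("sdes", SDES), ("dtls", DTLS)):
        print(name, classify_sdp(body))
```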


AI Summary for RAG

Summary: CDR View is the primary VoIPmonitor GUI interface for analyzing calls. Main sections: CDR List (paginated records), Button Panel (filter/export tools), Dashboard (aggregated stats). Filter Form has Common tab (participant info, SIP filters with % wildcard, R() regex) and RTP tab (quality metrics). RTP IP/port shown by default without configuration. SIP request filters require save_sip_history config. Menu provides Delete, Export CSV, Batch download audio (100 limit), Create merged PCAP. Detail View includes Summary tab (quality graph, DTMF), SIP History tab (packet inspection, SDP viewing), Legs tabs (call correlation). 487 responses often indicate normal forking - check Legs by CID. ZRTP not supported.

Keywords: CDR, call detail record, filter, search, MOS, jitter, packet loss, SIP history, call legs, correlation, RTCP, trend analysis, re-INVITE, filter template, batch download, DTMF, SIP retransmissions, SRTP, DTLS, ZRTP, mergecap, RTP IP, RTP port, SDP

Key Questions:

  • How do I filter calls by quality metrics (MOS, jitter, loss)?
  • How do I view SIP message flow for a call?
  • What is the difference between sniffer loss and RTCP loss?
  • How do I detect SIP retransmissions?
  • How do I investigate 487 "Request Cancelled" responses?
  • How do I view RTP ports? (displayed by default, no config needed)
  • How do I create merged PCAP from multiple calls?
  • How do I view SDP data in SIP History?
  • Does VoIPmonitor support ZRTP? (No)
  • How do I save and combine filter templates?