Applies to all VoipNow versions!
There are two ways in which you can send the SIP traffic to Homer: either by mirroring the switch port of your VoipNow server, or by using Homer's Capture Agent. The latter is installed on the VoipNow server and sends HEP packets to the Capture Node. The Capture Node, which can be installed according to the instructions found here, must be configured to accept packets either from SIP mirroring or from Capture Agents. This article explains both methods.
This method does not require any work on your VoipNow server.
If the switch supports it, simply mirror the VoipNow port to the Capture Node port. Then edit the Kamailio config file to receive these packets.
Here is an example of the Kamailio configuration from a Capture Node with the IP 10.150.20.85, configured to receive SIP packets from port mirroring.
Please note the commented-out HEP sections and the uncommented mirroring ones.
```
#!KAMAILIO
#
# Example configuration file for a sipcapture node
#

####### Global Parameters definitions #########
#
# Please, make all your configuration changes here
#
# *** To enable extra stats
#     - define WITH_STATISTIC_METHOD_EXTRA
#     - define WITH_STATISTIC_INVITE_1XX

#!substdef "!HOMER_DB_USER!homer_user!g"
#!substdef "!HOMER_DB_PASSWORD!homer_password!g"
#!substdef "!HOMER_LISTEN_PROTO!udp!g"
#!substdef "!HOMER_LISTEN_IF!0.0.0.0!g"
#!substdef "!HOMER_LISTEN_PORT!9060!g"

####### Global Parameters #########

debug=1
log_stderror=no
memdbg=5
memlog=5
log_facility=LOG_LOCAL1
fork=yes
children=5

/* uncomment the next line to disable TCP (default on) */
disable_tcp=yes

/* IP and port for HEP capturing) */
#listen=HOMER_LISTEN_PROTO:HOMER_LISTEN_IF:HOMER_LISTEN_PORT

/* enable it only in mirroring scenario, not for HEP! */
#!define SIPCAPTURE_MIRRORING_PORT

#Max loops
max_while_loops=100

loadmodule "pv.so"
loadmodule "db_mysql.so"
loadmodule "sipcapture.so"
loadmodule "textops.so"
loadmodule "rtimer.so"
loadmodule "xlog.so"
loadmodule "sqlops.so"
loadmodule "htable.so"
loadmodule "tm.so"
loadmodule "sl.so"
loadmodule "siputils.so"
loadmodule "exec.so"

modparam("htable", "htable", "a=>size=8;autoexpire=400")
modparam("htable", "htable", "b=>size=8;autoexpire=31")
# TODO: tune autoexpire setting for htable "c"
modparam("htable", "htable", "c=>size=8;autoexpire=31")
modparam("rtimer", "timer", "name=ta;interval=60;mode=1;")
modparam("rtimer", "exec", "timer=ta;route=TIMER_STATS")
modparam("sqlops","sqlcon","cb=>mysql://HOMER_DB_USER:HOMER_DB_PASSWORD@127.0.0.1/homer_statistic")

# ----- mi_fifo params -----

####### Routing Logic ########

modparam("sipcapture", "db_url", "mysql://HOMER_DB_USER:HOMER_DB_PASSWORD@127.0.0.1/homer_data")
modparam("sipcapture", "capture_on", 1)
modparam("sipcapture", "hep_capture_on", 1)
modparam("sipcapture", "insert_retries", 5)
modparam("sipcapture", "insert_retry_timeout", 10)

#!ifdef SIPCAPTURE_MIRRORING_PORT
/* IP to listen. Port/Portrange apply only on mirroring port capturing */
modparam("sipcapture", "raw_socket_listen", "10.150.20.85:5060-5080")
/* Name of interface to bind on raw socket */
modparam("sipcapture", "raw_interface", "eth0")
/* activate monitoring/mirroring port capturing */
modparam("sipcapture", "raw_moni_capture_on", 1)
/* children for raw socket */
modparam("sipcapture", "raw_sock_children", 4)
/* Linux only */
/* Promiscious mode RAW socket. Mirroring port. */
modparam("sipcapture", "promiscious_on", 1)
/* activate BPF */
modparam("sipcapture", "raw_moni_bpf_on", 1)
#!endif

/* insert delayed */
#modparam("sipcapture", "db_insert_mode", 1)

#Stats time
stats.min = 5 desc "My stats TIME min"
```
The SIP routing logic section is omitted as it is common for both HEP and mirroring scenarios.
Homer's Capture Agent allows you to capture SIP traffic from any Linux server. For up-to-date instructions, check Homer's installation guide.
Before you proceed, please install the following packages.
```bash
yum install expat expat-devel libpcap libpcap-devel libtool automake autoconf
```
Then get the source files from the Git repo and install the Capture Agent.
```bash
cd /usr/src
git clone https://github.com/sipcapture/captagent.git captagent
cd captagent/captagent
./build.sh
./configure
make && make install
```
Check that the capture agent is running:
```
# captagent -h
usage: captagent <-vh> <-f config>
   -h  is help/usage
   -v  is version information
   -f  is the config file
   -D  is use specified pcap file instead of a device from the config
   -c  is checkout
   -d  is daemon mode
```
Now that the capture agent is operational, you need to configure it to send packets to the Capture Node.
Here is an example of a configuration file. The Capture Node is at 10.150.20.87, UDP port 9000. The file is located by default in /usr/local/etc/captagent/captagent.xml.
```xml
<?xml version="1.0"?>
<document type="captagent/xml">
  <configuration name="core.conf" description="CORE Settings">
    <settings>
      <param name="debug" value="3"/>
      <param name="daemon" value="true"/>
      <param name="syslog" value="false"/>
      <param name="pid_file" value="/var/run/captagent.pid"/>
      <param name="path" value="/usr/local/lib/captagent/modules"/>
    </settings>
  </configuration>
  <configuration name="modules.conf" description="Modules">
    <modules>
      <load module="core_hep"/>
      <load module="proto_uni"/>
      <load module="proto_rtcp"/>
      <load module="capt_cli"/>
    </modules>
  </configuration>

  <!-- CORE MODULES -->
  <configuration name="core_hep.conf" description="HEP Socket">
    <settings>
      <param name="version" value="3"/>
      <param name="capture-host" value="10.150.20.87"/>
      <param name="capture-port" value="9000"/>
      <param name="capture-proto" value="udp"/>
      <param name="capture-id" value="2001"/>
      <param name="capture-password" value="myHep"/>
      <param name="payload-compression" value="false"/>
    </settings>
  </configuration>

  <!-- PROTOCOLS -->
  <configuration name="proto_uni.conf" description="UNI Proto Basic capture">
    <settings>
      <param name="port" value="5060"/>
      <!-- <param name="portrange" value="5060-5090"/> -->
      <!--
           use -D flag for pcap import
           use "any" for all interfaces in your system
      -->
      <param name="dev" value="eth0"/>
      <param name="promisc" value="true"/>
      <!-- comment it if you want to see all IPProto (tcp/udp) -->
      <param name="ip-proto" value="udp"/>
      <param name="proto-type" value="sip"/>
      <param name="sip-parse" value="true"/>
      <param name="rtcp-tracking" value="true"/>
      <param name="reasm" value="false"/>
      <param name="tcpdefrag" value="false"/>
      <param name="debug" value="false"/>
      <param name="buildin-reasm-filter" value="false"/>
      <!--
      <param name="expire-timer" value="60"/>
      <param name="expire-rtcp" value="120"/>
      -->
      <!-- <param name="filter" value="not src port 5099"/> -->
      <!-- <param name="vlan" value="false"/> -->
      <!-- ((ip[6:2] & 0x3fff != 0) - syntax for REASM packets
           if capturing sip messages, you can filter by method
           you can specify which method to NOT match with !
           <param name="sip_method" value="INVITE"/>
      -->
    </settings>
  </configuration>
  <configuration name="proto_rtcp.conf" description="RTCP capture">
    <settings>
      <!-- <param name="portrange" value="5060-5090"/> -->
      <param name="dev" value="eth0"/>
      <param name="promisc" value="true"/>
      <param name="debug" value="false"/>
      <!-- <param name="rtcp-json" value="false"/> -->
      <!-- <param name="send-sdes" value="false"/> -->
      <!-- <param name="filter" value="and not src port 5099"/> -->
      <!-- <param name="vlan" value="false"/> -->
    </settings>
  </configuration>

  <!-- CLI -->
  <configuration name="capt_cli.conf" description="CLI socket">
    <settings>
      <param name="cli-host" value="localhost"/>
      <param name="cli-port" value="8909"/>
      <param name="cli-password" value="12345"/>
    </settings>
  </configuration>
</document>
```
The actual config file might have a different format in future versions, so don't copy the entire file; use it strictly as an example.
The lines we're most interested in are the following:
```xml
<!-- capture node IP -->
<param name="capture-host" value="10.150.20.87"/>
<!-- capture node port -->
<param name="capture-port" value="9000"/>
<!-- capture node protocol -->
<param name="capture-proto" value="udp"/>
<!-- capture agent SIP port -->
<param name="port" value="5060"/>
<!-- capture agent interface -->
<param name="dev" value="eth0"/>
```
The config file of the Capture Node Kamailio looks like this:
```
#!KAMAILIO
#
# Example configuration file for a sipcapture node
#

####### Global Parameters definitions #########
#
# Please, make all your configuration changes here
#
# *** To enable extra stats
#     - define WITH_STATISTIC_METHOD_EXTRA
#     - define WITH_STATISTIC_INVITE_1XX

#!substdef "!HOMER_DB_USER!homer_user!g"
#!substdef "!HOMER_DB_PASSWORD!homer_password!g"
#!substdef "!HOMER_LISTEN_PROTO!udp!g"
#!substdef "!HOMER_LISTEN_IF!0.0.0.0!g"
#!substdef "!HOMER_LISTEN_PORT!9000!g"

####### Global Parameters #########

debug=1
log_stderror=no
memdbg=5
memlog=5
log_facility=LOG_LOCAL1
fork=yes
children=5

/* uncomment the next line to disable TCP (default on) */
disable_tcp=yes

/* IP and port for HEP capturing) */
listen=HOMER_LISTEN_PROTO:HOMER_LISTEN_IF:HOMER_LISTEN_PORT

#Max loops
max_while_loops=100

loadmodule "pv.so"
loadmodule "db_mysql.so"
loadmodule "sipcapture.so"
loadmodule "textops.so"
loadmodule "rtimer.so"
loadmodule "xlog.so"
loadmodule "sqlops.so"
loadmodule "htable.so"
loadmodule "tm.so"
loadmodule "sl.so"
loadmodule "siputils.so"
loadmodule "exec.so"

modparam("htable", "htable", "a=>size=8;autoexpire=400")
modparam("htable", "htable", "b=>size=8;autoexpire=31")
# TODO: tune autoexpire setting for htable "c"
modparam("htable", "htable", "c=>size=8;autoexpire=31")
modparam("rtimer", "timer", "name=ta;interval=60;mode=1;")
modparam("rtimer", "exec", "timer=ta;route=TIMER_STATS")
modparam("sqlops","sqlcon","cb=>mysql://HOMER_DB_USER:HOMER_DB_PASSWORD@127.0.0.1/homer_statistic")

# ----- mi_fifo params -----

####### Routing Logic ########

modparam("sipcapture", "db_url", "mysql://HOMER_DB_USER:HOMER_DB_PASSWORD@127.0.0.1/homer_data")
modparam("sipcapture", "capture_on", 1)
modparam("sipcapture", "hep_capture_on", 1)
modparam("sipcapture", "insert_retries", 5)
modparam("sipcapture", "insert_retry_timeout", 10)
#modparam("sipcapture", "capture_node", "homer01")

#Stats time
stats.min = 5 desc "My stats TIME min"
```
The lines we're interested in are the following:
```
# make capture node kamailio listen on any IP, udp port 9000
#!substdef "!HOMER_LISTEN_PROTO!udp!g"
#!substdef "!HOMER_LISTEN_IF!0.0.0.0!g"
#!substdef "!HOMER_LISTEN_PORT!9000!g"
```
Now you can start the Capture Agent in daemon mode.
```bash
captagent -d
```
It will start sending packets to 10.150.20.87 and, if configured correctly, you should already see them in Homer's web interface.
If you see errors like these when you start the captagent, it means that Kamailio on the capture node is not listening at the specified address or it is unreachable.
```
[ERR] core_hep.c:535 send error
[ERR] core_hep.c:535 send error
[ERR] core_hep.c:535 send error
```
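A pre-flight check for the mismatch described above, as an added example that is not part of the original article or of Homer's tooling: it compares the HEP destination in captagent.xml with the HOMER_LISTEN_* substdefs of the Capture Node's Kamailio config, and flags the sample passwords from this article if they were left in place. The function names and the trimmed sample inputs are constructed for illustration; the sample node config uses port 9060 (as in the mirroring example) to show a mismatch.

```python
import re
import xml.etree.ElementTree as ET

# Secrets that appear in this article's sample captagent.xml.
SAMPLE_SECRETS = {"capture-password": "myHep", "cli-password": "12345"}
# Constructed sample input, trimmed from the configs shown in this article.
AGENT_XML = """<document type="captagent/xml">
  <configuration name="core_hep.conf" description="HEP Socket">
    <settings>
      <param name="capture-host" value="10.150.20.87"/>
      <param name="capture-port" value="9000"/>
      <param name="capture-proto" value="udp"/>
      <param name="capture-password" value="myHep"/>
    </settings>
  </configuration>
</document>"""
NODE_CFG = '''#!substdef "!HOMER_LISTEN_PROTO!udp!g"
#!substdef "!HOMER_LISTEN_IF!0.0.0.0!g"
#!substdef "!HOMER_LISTEN_PORT!9060!g"'''

def agent_params(xml_text):
    """Return {section: {param: value}} for each <configuration> in captagent.xml."""
    return {c.get("name"): {p.get("name"): p.get("value") for p in c.iter("param")}
            for c in ET.fromstring(xml_text).iter("configuration")}

def node_listen(cfg_text):
    """Return the HOMER_LISTEN_* substdef values of kamailio.cfg as a dict."""
    return dict(re.findall(r'^#!substdef\s+"!HOMER_LISTEN_(\w+)!([^!]*)!g"', cfg_text, re.M))

def check(xml_text, cfg_text, node_ip):
    """List mismatches that stop HEP delivery, plus sample secrets left in place."""
    sections, node = agent_params(xml_text), node_listen(cfg_text)
    hep = sections.get("core_hep.conf", {})
    issues = []
    if hep.get("capture-host") != node_ip:
        issues.append(f"capture-host {hep.get('capture-host')} != node IP {node_ip}")
    if node.get("IF") not in ("0.0.0.0", node_ip):
        issues.append(f"node listens on {node.get('IF')}, not on {node_ip}")
    for key, name in (("capture-port", "PORT"), ("capture-proto", "PROTO")):
        if hep.get(key) != node.get(name):
            issues.append(f"{key} {hep.get(key)} != HOMER_LISTEN_{name} {node.get(name)}")
    for params in sections.values():
        for name, sample in SAMPLE_SECRETS.items():
            if params.get(name) == sample:
                issues.append(f"{name} still has the sample value from the article")
    return issues

if __name__ == "__main__":
    print("\n".join(check(AGENT_XML, NODE_CFG, "10.150.20.87")) or "OK")
```

An empty result only means the two files agree; a firewall between agent and node can still produce the send errors shown above.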
This might be the easiest way to send HEP packets to Homer.
```bash
sngrep port 5060 -H udp:10.150.20.87:9000 --no-interface -q 1<&- &
```
For more details on sngrep, check this KB article.