Manual export of pcap files from spooldir: Difference between revisions

From VoIPmonitor.org
Jump to navigation Jump to search
Line 10: Line 10:
== Export pcap file with default config used ==
== Export pcap file with default config used ==
=== precondition ===
=== precondition ===
call needs to be captured with sensor's compression settings like in default voipmonitor.conf
call needs to be captured with sensor's compression settings like in default voipmonitor.conf (no change to compression options)
  pcap_dump_zip_rtp = lzo
  pcap_dump_zip_rtp = lzo
  option tar_compress_sip = gzip
  option tar_compress_sip = gzip

Revision as of 17:44, 23 August 2016

Notes

RTP format: With default config shipped with latest voipmonitor sensor, is RTP compression enabled into LZO in time of capture - those LZOed files are tared into RTP archives based on date-hourminute of a call start and its call's call-id.

option pcap_dump_zip_rtp = lzo

SIP format: With default config shipped with latest voipmonitor sensor, is SIP compression enabled after tar archive was created:

option tar_compress_sip = gzip


Export pcap file with default config used

precondition

call needs to be captured with sensor's compression settings like in default voipmonitor.conf (no change to compression options)

pcap_dump_zip_rtp = lzo
option tar_compress_sip = gzip

information needed from CDR detail for export

You will need:

1.CDR.id (103)
2.Date time of a call start (2016-08-23 16:37:38)
3.Call-ID (CwA8j-SNSN)
4.Location of your spooldir ('spooldir' option is defined in /etc/voipmonitor.conf)

example :

export SIP pcap

From spooldir location (by default its '/var/spool/voipmonitor' and calldate start '2016-08-23 16:37:38' in example and from CALL-ID header 'CwA8j-SNSN' you can write command:

tar --wildcards -xOf '/var/spool/voipmonitor/2016-08-23/16/37/SIP/sip_2016-08-23-16-37.tar.gz' 'CwA8j-SNSN.pcap*' > /tmp/expsip.pcap

export RTP pcap

First we will need to get lzo positions from database (calldate start '2016-08-23 16:37:38'in example and from CALL-ID header 'CwA8j-SNSN' you can write a query), type=2 (means RTP filetype):

mysql> SELECT pos FROM voipmonitor.cdr_tar_part where cdr_id = 103 and type = 2 and calldate = '2016-08-23 16:37:38';

Returned:

pos: 0
pos: 164352
pos: 328704
pos: 493056
4 rows in set (0,00 sec)

Second we use positions returned from db to export RTP and unLZO using voipmonitor binary:

/usr/local/sbin/voipmonitor -kc -d /var/spool/voipmonitor/ --untar-gui='/var/spool/voipmonitor//2016-08-23/16/37/RTP/rtp_2016-08-23-16-37.tar CwA8j-SNSN.pcap 0,164352,328704,493056 /tmp/exprtp.pcap

merge SIP and RTP into one file

mergecap -w /tmp/export.pcap /tmp/exportSIP.pcap /tmp/exportRTP.pcap


Export pcap file when LZO compression disabled for RTP in config

preconditions

call captured when sensor's compression settings changed from default voipmonitor.conf

pcap_dump_zip_rtp = no
option tar_compress_sip = gzip

information needed to collect from CDR

From picture in section above you will need:

2.Date time of a call start
3.Call-ID

export SIP pcap

tar --wildcards -xOf '/var/spool/voipmonitor/2016-08-23/15/27/SIP/sip_2016-08-23-15-27.tar' 'R3YqlN7pnY.pcap*' > ./exportSIP.pcap

export RTP pcap

tar --wildcards -xOf '/var/spool/voipmonitor/2016-08-23/15/27/RTP/rtp_2016-08-23-15-27.tar' 'R3YqlN7pnY.pcap*' > ./exportRTP.pcap

merge SIP and RTP into one file

mergecap -w /tmp/export.pcap /tmp/exportSIP.pcap /tmp/exportRTP.pcap