Manual export of pcap files from spooldir: Difference between revisions

From VoIPmonitor.org
Jump to navigation Jump to search
No edit summary
Line 20: Line 20:
  3.Call-ID (CwA8j-SNSN)
  3.Call-ID (CwA8j-SNSN)
  4.Location of your spooldir ('spooldir' option is defined in /etc/voipmonitor.conf)
  4.Location of your spooldir ('spooldir' option is defined in /etc/voipmonitor.conf)
====If your GUI is working====
example : [[File: cdr_detail_for_export_pcap_default.jpg]]
====If your GUI is not working====
You can ask database for those CDR's values with a query like this ( it will list calls of a caller starting with '+222' in date 2017-02-01:
mysql> select cdr.calldate,cdr.caller,cdr.called,cdr.id as cdrID,cdr_next.fbasename as callID from cdr,cdr_next where cdr.id=cdr_next.cdr_ID and cdr.calldate >= '2017-02-01 00:00:00' and cdr.calldate < '2017-02-02 00:00:00' and cdr.caller like '+222%';


example : [[File: cdr_detail_for_export_pcap_default.jpg]]


=== export SIP pcap ===
=== export SIP pcap ===

Revision as of 15:53, 8 February 2017

Notes

RTP format: With default config shipped with latest voipmonitor sensor, is RTP compression enabled into LZO in time of capture - those LZOed files are tared into RTP archives based on date-hourminute of a call start and its call's call-id.

option pcap_dump_zip_rtp = lzo

SIP format: With default config shipped with latest voipmonitor sensor, is SIP compression enabled after tar archive was created:

option tar_compress_sip = gzip


Export pcap file with default config used

precondition

call needs to be captured with sensor's compression settings like in default voipmonitor.conf (no change to compression options)

pcap_dump_zip_rtp = lzo
option tar_compress_sip = gzip

information needed from CDR detail for export

You will need:

1.CDR.id (103)
2.Date time of a call start (2016-08-23 16:37:38)
3.Call-ID (CwA8j-SNSN)
4.Location of your spooldir ('spooldir' option is defined in /etc/voipmonitor.conf)

If your GUI is working

example :

If your GUI is not working

You can ask database for those CDR's values with a query like this ( it will list calls of a caller starting with '+222' in date 2017-02-01:

mysql> select cdr.calldate,cdr.caller,cdr.called,cdr.id as cdrID,cdr_next.fbasename as callID from cdr,cdr_next where cdr.id=cdr_next.cdr_ID and cdr.calldate >= '2017-02-01 00:00:00' and cdr.calldate < '2017-02-02 00:00:00' and cdr.caller like '+222%';


export SIP pcap

From spooldir location (by default its '/var/spool/voipmonitor' and calldate start '2016-08-23 16:37:38' in example and from CALL-ID header 'CwA8j-SNSN' you can write command:

tar --wildcards -xOf '/var/spool/voipmonitor/2016-08-23/16/37/SIP/sip_2016-08-23-16-37.tar.gz' 'CwA8j-SNSN.pcap*' > /tmp/expsip.pcap

export RTP pcap

First we will need to get lzo positions from database (calldate start '2016-08-23 16:37:38'in example and from CALL-ID header 'CwA8j-SNSN' you can write a query), type=2 (means RTP filetype):

mysql> SELECT pos FROM voipmonitor.cdr_tar_part where cdr_id = 103 and type = 2 and calldate = '2016-08-23 16:37:38';

Returned:

pos: 0
pos: 164352
pos: 328704
pos: 493056
4 rows in set (0,00 sec)

Second we use positions returned from db to export RTP and unLZO using voipmonitor binary:

/usr/local/sbin/voipmonitor -kc -d /var/spool/voipmonitor/ --untar-gui='/var/spool/voipmonitor//2016-08-23/16/37/RTP/rtp_2016-08-23-16-37.tar CwA8j-SNSN.pcap 0,164352,328704,493056 /tmp/exprtp.pcap'

merge SIP and RTP into one file

mergecap -w /tmp/export.pcap /tmp/exportSIP.pcap /tmp/exportRTP.pcap


Export pcap file when LZO compression disabled for RTP in config

preconditions

call captured when sensor's compression settings changed from default voipmonitor.conf

pcap_dump_zip_rtp = no
option tar_compress_sip = gzip

information needed to collect from CDR

From picture in section above you will need:

2.Date time of a call start
3.Call-ID

export SIP pcap

tar --wildcards -xOf '/var/spool/voipmonitor/2016-08-23/15/27/SIP/sip_2016-08-23-15-27.tar' 'R3YqlN7pnY.pcap*' > ./exportSIP.pcap

export RTP pcap

tar --wildcards -xOf '/var/spool/voipmonitor/2016-08-23/15/27/RTP/rtp_2016-08-23-15-27.tar' 'R3YqlN7pnY.pcap*' > ./exportRTP.pcap

merge SIP and RTP into one file

mergecap -w /tmp/export.pcap /tmp/exportSIP.pcap /tmp/exportRTP.pcap