lawple.blogg.se

Voip wireshark pcap










voipmonitor -config-file=/etc/nf -k -v1 -r /tmp/final.pcap

#keycheck = /var/

as argument to create audio from it in spooldir defined above:

#to make it possible to create audio from codecs other than g711 (g711 is supported by the sniffer directly), you need a valid license for the GUI and must enable the following option with the path to the GUI's keycheck file

Note: the rtp.pcap needs to be de-lzoed first (LZO is the default compression method used by the sniffer service when RTP is stored to the spooldir).

After you have SIP+RTP in a single pcap file, you can ask the sniffer's binary to create an audio file without needing the GUI installed or a db used (works only for g711 calls without the GUI).

Change the following options in a copy of the sniffer's config file - the sniffer needs to be set to analyze traffic (not mirror senders):

(apt-get install tshark | yum install wireshark)

#if path to file is not absolute (/.) it is relative to the spooldir directory

Flush partially written data into tar file

Before you ask the tar binary to extract a file, you need to flush data from the sniffer first (if the pcap file is still open) using the sniffer's API, like:

echo "flush_tar '/var/spool/voipmonitor//15/27/RTP/rtp_-15-27.tar'" |nc 127.0.0.1

voipmonitor -kc -unlzo-gui='/path/to/rtp.pcap /path/to/rtp-uncompressed.pcap'

# if LZO compression for RTP pcaps is enabled

This will consume more IO reads, as the tar file has to be fully scanned. Additionally, the tar file has to be closed, or you need to ask the sniffer to flush cached data if the file is still open.


#rtp.pcap is already decompressed (no unLZO needed)

Alternative RTP extraction without knowing positions from database

Use positions returned from db and extract pcap

mysql> SELECT pos FROM voipmonitor.cdr_tar_part where cdr_id = 103 and type = 2 and calldate = ' 16:37:38'

WHERE cdr.id=cdr_next.cdr_ID AND cdr.calldate >= ' 00:00:00' AND cdr.calldate /tmp/expsip.pcap

SELECT cdr.calldate,cdr.caller,cdr.called,cdr.id as cdrID,cdr_next.fbasename as callID

SIP format: With default nf SIP compression uses gzip

Export pcap file with default config used

Get information about CDR from database

RTP format: With default nf RTP pcap chunks are compressed by LZO which are tared and archived in directory in date-hourminute

3.1 Flush partially written data into tar file.


3 Alternative RTP extraction without knowing positions from database
2.1 Get information about CDR from database
2 Export pcap file with default config used










