sipcapture / heplify

Portable and Lightweight HEP Capture Agent for HOMER
https://sipcapture.org
GNU Affero General Public License v3.0

Problem on windows 2016 #164

Closed byphone closed 4 years ago

byphone commented 4 years ago

Hi

Tried with the last version compiled myself (1.56), and the already compiled 1.51. Heplify shows packets but doesn't send any packet.

The command is :

heplify -hs 10.65.1.39:9060 -hn BP165APP1 -i "\Device\NPF_{1E710690-BB5A-4919-949C-155ABB84255B}" -e

C:\Users\Administrator\Downloads>heplify -hs 10.65.1.39:9060 -hn BP165APP1 -i "\Device\NPF_{1E710690-BB5A-4919-949C-155ABB84255B}" -e
2020/04/30 07:09:44.799326 sniffer.go:114: INFO config.Config{Iface:(*config.InterfacesConfig)(0xc000027180), Logging:(*logp.Logging)(0xc0000a4190), Mode:"SIPRTCP", Dedup:false, Filter:"", Discard:"", DiscardMethod:"", Zip:false, HepServer:"10.65.1.39:9060", HepNodePW:"", HepNodeID:0x7d2, HepNodeName:"BP165APP1", Network:"udp", Protobuf:false, Reassembly:false}
2020/04/30 07:09:44.800325 sniffer.go:115: INFO &config.InterfacesConfig{Device:"\\Device\\NPF_{1E710690-BB5A-4919-949C-155ABB84255B}", Type:"pcap", ReadFile:"", WriteFile:"", RotationTime:60, PortRange:"5060-5090", WithVlan:false, WithErspan:false, Snaplen:8192, BufferSizeMb:32, ReadSpeed:false, OneAtATime:false, Loop:1}
2020/04/30 07:09:44.805330 sniffer.go:116: INFO bpf: tcp and greater 42 and portrange 5060-5090 or (udp and greater 128 and portrange 5060-5090 or ip[6:2] & 0x1fff != 0 or ip6[6]=44) or (ip and ip[6] & 0x2 = 0 and ip[6:2] & 0x1fff = 0 and udp and udp[8] & 0xc0 = 0x80 and udp[9] >= 0xc8 && udp[9] <= 0xcc)
2020/04/30 07:09:44.806331 sniffer.go:123: INFO ostype: windows, osarch: amd64
2020/04/30 07:10:44.841787 sniffer.go:379: INFO Stats {received dropped-os dropped-int}: {3865 0 0}
2020/04/30 07:10:44.841787 publisher.go:55: INFO Packets since last minute sent: 0
2020/04/30 07:10:44.841787 util.go:100: INFO Packets since last minute IPv4: 0, IPv6: 0, UDP: 0, TCP: 0, RTCP: 0, RTCPFail: 0, DNS: 0, duplicate: 0, fragments: 0, unknown: 0

The Windows server is a VM under Proxmox with a Virtio network card; a tcpdump on the target server doesn't show any packets coming from the heplify capture.

If I copy/paste the BPF filter into Wireshark, I capture SIP traffic.

Any idea?

Guillaume

byphone commented 4 years ago

Sorry

byphone commented 4 years ago

Just set the wrong pcap interface; all is working correctly. To get the list on Windows:

getmac /fo csv /v
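The fix above comes down to pointing heplify's `-i` at the right `\Device\NPF_{GUID}` name. The following is an added example, not part of the heplify project or of this thread: it parses the CSV that `getmac /fo csv /v` prints, takes the adapter GUID from the `\Device\Tcpip_{GUID}` transport name (Npcap/WinPcap expose the same adapter as `\Device\NPF_{GUID}`), and assembles the command line from the report. The sample output is constructed; only the first GUID is the one from the issue.

```python
import csv
import io
import re

# Constructed sample of `getmac /fo csv /v` output. The first GUID is the one
# from the issue report; the other rows and addresses are made up.
SAMPLE_GETMAC = '''"Connection Name","Network Adapter","Physical Address","Transport Name"
"Ethernet","Red Hat VirtIO Ethernet Adapter","52-54-00-12-34-56","\\Device\\Tcpip_{1E710690-BB5A-4919-949C-155ABB84255B}"
"Ethernet 2","Microsoft KM-TEST Loopback Adapter","02-00-4C-4F-4F-50","\\Device\\Tcpip_{AABBCCDD-0000-1111-2222-333344445555}"
"Bluetooth","Bluetooth Device (Personal Area Network)","00-11-22-33-44-55","Media disconnected"
'''

# A GUID with dashes is exactly 36 characters between the braces.
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_getmac(text):
    """Map connection name -> {'adapter': description, 'guid': '{...}' or None}.

    'guid' is None when getmac reports no transport binding (media disconnected),
    so such an adapter can never be a valid capture interface.
    """
    adapters = {}
    for row in csv.DictReader(io.StringIO(text)):
        match = GUID_RE.search(row["Transport Name"])
        adapters[row["Connection Name"]] = {
            "adapter": row["Network Adapter"],
            "guid": match.group(0) if match else None,
        }
    return adapters


def npf_device(adapters, connection_name):
    """Translate a Windows connection name into the string heplify -i expects."""
    entry = adapters[connection_name]
    if entry["guid"] is None:
        raise ValueError(f"{connection_name!r} has no transport binding (media disconnected)")
    return "\\Device\\NPF_" + entry["guid"]


def heplify_command(adapters, connection_name, hep_server, node_name):
    """Rebuild the command line from the report with the interface taken from getmac."""
    device = npf_device(adapters, connection_name)
    return f'heplify -hs {hep_server} -hn {node_name} -i "{device}" -e'


if __name__ == "__main__":
    found = parse_getmac(SAMPLE_GETMAC)
    for name, info in found.items():
        print(f"{name:12} {info['adapter']:45} {info['guid'] or '(no binding)'}")
    print(heplify_command(found, "Ethernet", "10.65.1.39:9060", "BP165APP1"))
```

On a live host, feed the real `getmac /fo csv /v` output into `parse_getmac` instead of the sample, and check that the chosen adapter is the one that actually carries the SIP traffic (the stats line in the report shows packets received but zero sent, which is exactly what capturing on the wrong adapter looks like).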