Heplify treats every packet as unknown

[fabiantorress]

Hi, I am newbie using heplify.

I am mirroring all the packets from an Asterisk server to my homer server on port 4789, in which I am also running my heplify agent. I am receiving all the packets but in my heplify logs I see the following:

2023-07-21T15:07:10-04:00 INFO Stats {received dropped-os dropped-int}: {15593 0 0}
2023-07-21T15:07:10-04:00 INFO Packets since last minute sent: 0
2023-07-21T15:08:10-04:00 INFO Packets since last minute IPv4: 1257, IPv6: 0, UDP: 1257, TCP: 1257, SCTP: 0, RTCP: 0, RTCPFail: 0, DNS: 0, HEP: 0, duplicate: 0, fragments: 0, unknown: 1257

All the packets are treated as unkown. I think that is why is not shown in the Homer Web UI.

This is the command that I use to run the heplify agent: /usr/local/bin/heplify -i eth0 -pr 4789-4790 -hs ip-homer-app:9060 -dim NOTIFY,SUBSCRIBE,OPTIONS

Can someone help me with my issue?

Thanks.

[lmangani]

Your packets are most likely encapsulated. Add further details such as how you are mirroring the traffic. You should probably just install/run it over your Asterisk to confirm if the issue is with the mirroring technique.

[fabiantorress]

Yes, they are encapsulated in a VXLAN header. Is there a workaround for this?

Also, I am using AWS Traffic Mirroring to to capture the UDP packets.

[lmangani]

You can try something like the following to use the included decoder which supports VXLAN

/usr/local/bin/heplify -i eth0 -bpf "port 4789" -hs ip-homer-app:9060

[fabiantorress]

It works, thanks @lmangani