Closed mfremont1 closed 8 years ago
do you see any HEP packets on the interface ?
On 22.04.2016 20:13, mfremont1 wrote:
I hope this is a simple issue.
I installed homer and am able to log in to the web interface.
I installed sngrep and am using it as a capture agent for now anyway.
I ran the following sngrep port 5060 -H udp:10.10.10.10:9060 replacing 10.10.x.x with the homer IP.
Logged in with a SIP phone and placed a call. I see it in the sngrep interface (also ran Wireshark), saw the registration and the actual call.
I cannot find this data in Homer5. Is there a place to check to make sure sngrep is sending it correctly to homer, and is there a way to check or see what may be blocking it?
Any advice would be great.
Have not used captagent6 as the wiki is not complete to understand the configs.
Thanks for any help.
I know I saw SIP packets but didn’t look for HEP packets specifically. Being new to HEP, what should I be looking for?
M
Capture port 9060 and check if you see any packets starting with HEP3 (ASCII) and SIP as the body ....
So I just did another test to get a clean sample. I ran sngrep port 5060 -H 10.x.x.x:9060
I saw the register and the phone call. I did not see any HEP packets. Attached is the pcap from sngrep.
Shouldn’t I have seen the registration in Homer5 since it was captured in the sngrep even with no HEP packets?
Thanks M
no packets - no charts ;-)
So we are using Genesys SIP server.
Is there a way to force HEP packets? I thought the tool only needed the SIP traffic to at least get some data.
@mfremont1 Homer leverages capture agents sending encapsulated data, not raw SIP. Could you confirm you have run the following on the HOMER server while running sngrep and performing a test call?
ngrep -W byline port 9060
I have not run that command.
But I think you just nailed it why it doesn’t work. I thought Homer5 could leverage raw SIP. Not sure in our environment I am able to encapsulate or even have the HEP packages as we are using a Genesys SIP server and it does not have HEP natively (or that I am aware of).
@mfremont1 Homer / Kamailio can also capture bare SIP from a raw socket, if needed, but in your case the best option would probably be to install and configure an instance of captagent on each system being monitored. We have rpm/deb packages available on the repository, you just need to configure your HEP server in transport_hep.xml and capture filter in socket_pcap.xml for the basics.
So does the captagent act as the HEP server then? Also our SIP server runs on Windows and I did not see an install for Windows but may have missed it.
Not really. In Homer-land a Capture Agent is really the client, and Capture Server.. the server. So a Captagent instance running on your SIP softswitch would basically sniff, encapsulate and mirror your traffic according to the network filters and ship it to a Capture Server using the HEP protocol.
Closing - feel free to reopen if useful
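What "packets starting with HEP3 and SIP as body" means on the wire, as an added example that is not part of the original thread or the Homer project's code: a minimal HEP3 builder and parser that labels a UDP payload seen on the capture port as encapsulated SIP or bare SIP. The function names, addresses, agent id, timestamp and SIP message are constructed for illustration; only IPv4/UDP is handled.

```python
import socket
import struct

HEP3_MAGIC = b"HEP3"
CHUNK_PROTO_TYPE = 11   # generic chunk: protocol type (1 = SIP)
CHUNK_PAYLOAD = 15      # generic chunk: the captured packet itself
PROTO_SIP = 1

def _chunk(type_id, body, vendor=0):
    # Chunk layout: vendor id (2), type id (2), length incl. this header (2), body.
    return struct.pack("!HHH", vendor, type_id, 6 + len(body)) + body

def build_hep3(sip, src, dst, sport, dport, agent_id=2001):
    """Encapsulate a sniffed SIP message as a capture agent does (IPv4/UDP only)."""
    chunks = b"".join([
        _chunk(1, b"\x02"),                         # IP family: 2 = IPv4
        _chunk(2, b"\x11"),                         # IP protocol: 17 = UDP
        _chunk(3, socket.inet_aton(src)),           # original source address
        _chunk(4, socket.inet_aton(dst)),           # original destination address
        _chunk(7, struct.pack("!H", sport)),
        _chunk(8, struct.pack("!H", dport)),
        _chunk(9, struct.pack("!I", 1461348780)),   # capture time, constructed
        _chunk(10, struct.pack("!I", 0)),           # microseconds part
        _chunk(CHUNK_PROTO_TYPE, bytes([PROTO_SIP])),
        _chunk(12, struct.pack("!I", agent_id)),    # capture agent id, constructed
        _chunk(CHUNK_PAYLOAD, sip),
    ])
    return HEP3_MAGIC + struct.pack("!H", 6 + len(chunks)) + chunks

def parse_hep3(datagram):
    """Return {chunk_type: body} for generic (vendor 0) chunks; ValueError if invalid."""
    if len(datagram) < 6 or datagram[:4] != HEP3_MAGIC:
        raise ValueError("payload does not start with the ASCII magic 'HEP3'")
    (total,) = struct.unpack("!H", datagram[4:6])
    if total != len(datagram):
        raise ValueError("length field %d != datagram size %d" % (total, len(datagram)))
    chunks, off = {}, 6
    while off < total:
        if off + 6 > total:
            raise ValueError("truncated chunk header at offset %d" % off)
        vendor, type_id, length = struct.unpack("!HHH", datagram[off:off + 6])
        if length < 6 or off + length > total:
            raise ValueError("bad chunk length at offset %d" % off)
        if vendor == 0:
            chunks[type_id] = datagram[off + 6:off + length]
        off += length
    return chunks

def classify(datagram):
    """Label what reached the capture port: HEP3-wrapped SIP, bare SIP, or neither."""
    if datagram[:4] == HEP3_MAGIC:
        try:
            chunks = parse_hep3(datagram)
        except ValueError:
            return "hep3-malformed"
        is_sip = chunks.get(CHUNK_PROTO_TYPE) == bytes([PROTO_SIP])
        return "hep3-sip" if is_sip and CHUNK_PAYLOAD in chunks else "hep3-other"
    first = datagram.split(b"\r\n", 1)[0]
    if first.startswith(b"SIP/2.0 ") or first.endswith(b" SIP/2.0"):
        return "raw-sip"      # what a phone or PBX emits; not a HEP frame
    return "unknown"

# Constructed sample data (documentation addresses, made-up Call-ID).
SAMPLE_SIP = (b"REGISTER sip:pbx.example.test SIP/2.0\r\n"
              b"Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK-constructed\r\n"
              b"Call-ID: constructed-1@192.0.2.10\r\n"
              b"CSeq: 1 REGISTER\r\nContent-Length: 0\r\n\r\n")
SAMPLE_HEP = build_hep3(SAMPLE_SIP, "192.0.2.10", "192.0.2.20", 5060, 5060)

if __name__ == "__main__":
    for name, pkt in (("encapsulated", SAMPLE_HEP), ("bare SIP", SAMPLE_SIP)):
        print("%-12s -> %s" % (name, classify(pkt)))
```

The same first-four-bytes check is what to look for by eye in the `ngrep -W byline port 9060` output: a datagram that opens with the SIP request line rather than `HEP3` was never encapsulated by a capture agent.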