homer does not seem work well with malformed sip messages : relayed BYE not captured

sipcapture / homer

HOMER - 100% Open-Source SIP, VoIP, RTC Packet Capture & Monitoring

https://sipcapture.org

GNU Affero General Public License v3.0

1.61k stars 240 forks source link

homer does not seem work well with malformed sip messages : relayed BYE not captured #574

Closed PJ111288 closed 1 year ago

PJ111288 commented 1 year ago

Hello Fella's,

Happy New Year 2023 :)

I have a query about "homer does not seem work well with malformed sip messages". I have attached logs. Could you please advise on this!

Many Thanks! AS relayed BYE not captured.txt

kYroL01 commented 1 year ago

Hello @PJ111288 .

In your export I can see this BYE

BYE sip:216.158.87.246;did=e657.0dc63532 SIP/2.0
Via: SIP/2.0/UDP 192.168.58.55:65476;branch=z9hG4bK3194c94d;rport
Route: <sip:66.172.62.22;lr;ftag=as094d36e2;dlgcor=e65.cf51;fromcor=ejFwbUZxUmpUUFNBejFwbUZxUmpUUFNBejFwbUZx>
Max-Forwards: 70
From: "12142164459" <sip:12142164459@66.172.62.22>;tag=as094d36e2
To: <sip:12566091940@66.172.62.22:5060>;tag=ejjavj1jUB72F
Call-ID: 4c719d9b62522bd642376d6a299213ef@66.172.62.22
CSeq: 103 BYE
User-Agent: Asterisk PBX GALAXY PLUS VOIP
X-Asterisk-HangupCause: Normal Clearing
X-Asterisk-HangupCauseCode: 16
Content-Length: 0

Are you speaking of another BYE or this one ? Who send the SIP traffic to Homer ? Is this an agent ? From the log we cannot understand too much.

Thank you

PJ111288 commented 1 year ago

Are you speaking of another BYE or this one ? >> Yes.

Who sent the SIP traffic to Homer? Is this an agent? >> Yes, CapAgent installed on Kamailio server-66.172.62.22 from that captures log of it.

Flow is >> Asterisk-192.168.58.55>>Kamailio server-66.172.62.22>>216.158.87.246-Vendor.

attaching kamailio log as well of this call.

Kamailio-Logs.txt

kYroL01 commented 1 year ago

Are you able to see this missing BYE in the database, or has this BYE been discarded from the agent before ? We have to understand this first, as you speak about "malformed SIP message" Can you please double-check?

Thank you

PJ111288 commented 1 year ago

You mean in homer database and Homer agent? If yes so how can i check it because i newbie in homer. I just started to use it!

kYroL01 commented 1 year ago

@PJ111288 I'm referring to the database where Homer is going to read the data.

kYroL01 commented 1 year ago

Did you checked if this malformed BYE was discarded from Captagent or not stored in PosgreSQL database ? Thank you