SIP search generates an invalid pcap file

[hitokiri82]

When doing a SIP search, if I choose the ResultType PCAP, I do get a pcap file, but it is reported by Wireshark and by https://packettotal.com/ as an invalid pcap file.

[lmangani]

Related to #62

[hitokiri82]

I'm not sure is related, because I do get a pcap file, which I've run through pcapfix which reports the following errors with the file:

[] Reading from file: /tmp/phpqoQUff [] Writing to file: fixed_phpqoQUff [] File size: 17461 bytes. [] Unknown file type. Assuming PCAP format. [] Analyzing Global Header... [-] Magic number: 0xb2c3d40a [-] Major version number: 673 [-] Minor version number: 1024 [+] GTM to local correction: 0 [+] Accuracy of timestamps: 0 [-] Max packet length: 26214400 [-] Data link type: 256 [-] The global pcap header seems to be missing ==> CORRECTED! [] Analyzing packets... [-] CORRUPTED Packet #1 at position 0 (2999178250 | 67109537 | 0 | 0). [+] FOUND NEXT Packet #2 at position 25 (1518537341 | 457743 | 1097 | 1097). [-] Packet #1 at position 0 is invalid ==> SKIPPING. [+] Packet #2 at position 25 (1518537341 | 457743 | 1097 | 1097). [+] Packet #3 at position 1138 (1518537341 | 457916 | 394 | 394). [+] Packet #4 at position 1548 (1518537341 | 458716 | 908 | 908). [+] Packet #5 at position 2472 (1518537341 | 573727 | 349 | 349). [+] Packet #6 at position 2837 (1518537341 | 594306 | 1367 | 1367). [+] Packet #7 at position 4220 (1518537341 | 594432 | 394 | 394). [+] Packet #8 at position 4630 (1518537341 | 827640 | 870 | 870). [+] Packet #9 at position 5516 (1518537341 | 829977 | 1542 | 1542). [+] Packet #10 at position 7074 (1518537341 | 833070 | 1164 | 1164). [+] Packet #11 at position 8254 (1518537341 | 931066 | 402 | 402). [+] Packet #12 at position 8672 (1518537341 | 938685 | 474 | 474). [+] Packet #13 at position 9162 (1518537350 | 494293 | 1542 | 1542). [+] Packet #14 at position 10720 (1518537350 | 495349 | 460 | 460). [+] Packet #15 at position 11196 (1518537350 | 502018 | 1211 | 1211). [+] Packet #16 at position 12423 (1518537350 | 795695 | 861 | 861). [+] Packet #17 at position 13300 (1518537350 | 831074 | 1034 | 1034). [+] Packet #18 at position 14350 (1518537351 | 60334 | 821 | 821). [+] Packet #19 at position 15187 (1518537352 | 600757 | 433 | 433). [+] Packet #20 at position 15636 (1518537352 | 617456 | 591 | 591). [+] Packet #21 at position 16243 (1518537352 | 692401 | 644 | 644). [-] LAST PACKET MISMATCH (1518537352 | 832226 | 543 | 543) [+] CORRECTED Packet #22 at position 16903 (1518537352 | 832226 | 542 | 543). [+] Packet #22 at position 16903 (1518537352 | 832226 | 542 | 543). [*] Wrote 22 packets to file. [+] SUCCESS: 7 Corruption(s) fixed!

After it's been fixed I can open the file using Wireshark and see all the SIP packages from the call.

This seems to me a problem with how the pcap file is generated while #62 seems to me a front-end issue.

[lmangani]

I see, you did not specify the contents were actually there, you just said invalid :) Reopening - could you attach the PCAP before and after the fix? I can't currently replicate one.

[hitokiri82]

Sure. Also, I'm using the multi container version of the app.

[lmangani]

Ready to re-test - thanks

[hitokiri82]

I re-tested, still getting invalid pcap file.

[lmangani]

If you could provide a sample here or privately? I can't quite reproduce it, if other users are please step forward :)

[hitokiri82]

How can I get the pcap file to you privately?

[lmangani]

support at sipcapture dot org

[hitokiri82]

Sent

[mmughal01]

I get the same issue that Wireshark reports that the downloaded pcap file is corrupt. If I revert to the previous version of homer-docker I can successfully download the pcap file.

[tramontano]

I'm having the same issue on multi-container.

[ghost]

also i have this bug

[games130]

i am also experiencing this problem. I am using the latest docker file build on 2018-06-09. Build Code: bqgodfppdgbru3vdtxxitx5

[negbie]

Should be fixed with https://github.com/sipcapture/homer-docker/commit/47975cc49d3bcd8cb3f9897be56652e470e8adb4

Update your preferences.php or your containers when you are using docker.