voipmonitor / sniffer

VoIPmonitor sniffer sources

corrupted leg pcap? #55

Closed akam-it closed 4 years ago

akam-it commented 5 years ago

I have two sensors - asterisk A and asterisk B. Also a kamailio SIP proxy without a sensor. In the pcap of side B, at the first leg, I have a corrupted pcap. Is it a bug? (The rtp-firstleg = no option didn't help. Should it?)

333b6b3d14dea07d0a328fb7493c326b@192.168.8.98_5060.zip

voipmonitor commented 5 years ago

Hi, send /etc/voipmonitor.conf

akam-it commented 5 years ago

Hi, here is the sensor-side config

[general]

utc = 1
id_sensor = 8105
interface = any
promisc = no
filter = udp
mirror_destination_ip          = astlogs
mirror_destination_port        = 5030
sipport = 5060

pcap_dump_asyncwrite = yes
ringbuffer = 100
packetbuffer_enable             = yes
packetbuffer_compress           = no
max_buffer_mem                  = 1000

# number of threads to process RTP packets. If not specified which is default option it will equal to the number of available CPUs.
# If set to 0 threading is turned off.
#rtpthreads = 0

voipmonitor commented 5 years ago

And the server-side config, please

akam-it commented 5 years ago

[general]
id_sensor = 999
sqldriver = mysql
query_cache = yes
mysqlhost = 127.0.0.1
mysqlport = 3306
mysqlusername = voipmonitor
mysqlpassword = *******
mysqldb = voipmonitor
cdr_partition = yes
mysql_client_compress = no
mysqlcompress = yes
mysqlloadconfig = no
sqlcallend = yes
interface = eth0
promisc = no
filter = udp
threading_mod = 3
mirror_bind_ip               = 192.168.8.90
mirror_bind_port             = 5030
managerip = 127.0.0.1 192.168.8.90
managerport = 5029
sipport = 5060
cdr_sipport = yes
cdr_rtpport = yes
remotepartyid = no
remotepartypriority = no
absolute_timeout = 3600
destroy_call_at_bye = 1200
onewaytimeout = 15
ringbuffer = 50
packetbuffer_enable             = yes
packetbuffer_compress           = no
max_buffer_mem          = 2000
cdrproxy = yes
cdr_ua_enable = yes
sip-register = no
sip-register-timeout = 5
sip-register-active-nologbin = yes
nocdr = no
spooldir = /home/voipmonitor
pcap_dump_bufflength = 8184
pcap_dump_zip = yes
pcap_dump_ziplevel_sip = 6
pcap_dump_zip_rtp = gzip
pcap_dump_ziplevel_rtp = 3
pcap_dump_writethreads = 1
pcap_dump_writethreads_max = 32
pcap_dump_asyncwrite = yes
tar = yes
tar_maxthreads = 8
tar_compress_sip = gzip
tar_sip_level = 6
tar_compress_rtp = no
tar_rtp_level = 1
tar_compress_graph = gzip
tar_graph_level = 1
savesip = yes       
save_sip_history = all
savertp = yes
faxdetect = yes
savertcp = yes
saveaudio_stereo = yes
ogg_quality = 0.4 
dtmf2db = yes
inbanddtmf = yes
silencedetect = no
savegraph = yes
maxpoolsize     = 75000
maxpooldays     = 50
maxpoolsize_2       = 102400
autocleanspool = yes
autocleanspoolminpercent = 1
autocleanmingb = 5
mos_g729 = no
mos_lqo = no
mos_lqo_bin = pesq
mos_lqo_ref = /usr/local/share/voipmonitor/audio/mos_lqe_original.wav
mos_lqo_ref16 = /usr/local/share/voipmonitor/audio/mos_lqe_original_16khz.wav
dscp = yes

voipmonitor commented 5 years ago

How did you extract the pcap?

akam-it commented 5 years ago

Usually from voipmonitor home (sip+rtp)

but I tried from the voipmonitor GUI too

voipmonitor commented 5 years ago

In voipmonitor home, do you have .pcap files or .tar files? I do not see how it is possible that you have a pcap file in /home because tar = yes?

akam-it commented 5 years ago

Yes, there are tar files

voipmonitor commented 5 years ago

But I'm able to open the pcap file - it is ng format (compressed). Do you open it with some recent Wireshark version?

akam-it commented 5 years ago

Did you mean my attached pcap file? Yes, I open it with Wireshark

voipmonitor commented 5 years ago

I thought that your attached pcap was the one which was corrupted?

akam-it commented 5 years ago

Yes it is. By "corrupted" I mean "broken" voice and doubled CSeq packets.

image

voipmonitor-petr commented 5 years ago

Hello, what interfaces did you set to sniff on in /etc/voipmonitor.conf? If voipmonitor intercepts the same packets in more places, consider enabling the option 'deduplicate=yes' in /etc/voipmonitor.conf

akam-it commented 5 years ago

I have interface = any in the config, but I have lo and ens192 only

I tried that option too, no changes. I think it is because the packets are not the same: image

voipmonitor-petr commented 5 years ago

Did you set it on the receiver side?

deduplicate = yes

(I tested with your pcap and the duplicates were removed)

voipmonitor-petr commented 5 years ago

(But I tested in a standalone sniffer, not in mirror mode.) In case it still does not work, try to set deduplicate=yes on the client side as well:

And you can try to change the interface option from any to an enumeration like:

interface=ens192,lo
auto_enable_useblocks = yes