captagent capturing packets it's configured not to


Jeff Pyle

Aug 4, 2024, 4:58:57 PM
to homer-...@googlegroups.com
Hello,

Is this the proper mailing list for captagent? 

I'm using captagent 6.4.1 on Debian 11 amd64. I'm using the sip_capture_plan.cfg [1] example provided on the wiki:

capture[pcap] {
    # here we can check source/destination IP/port, message size
    if(msg_check("size", "100")) {
        #Do parsing
        if(parse_sip()) {
            # Drop unwanted methods
            if(sip_check("rmethod","OPTIONS") || sip_check("rmethod","NOTIFY")) {
                drop;
            }

            #Multiple profiles can be defined in transport_hep.xml
            if(!send_hep("hepsocket")) {
                clog("ERROR", "Error sending HEP!!!!");
            }
        }
    }
    drop;
}

With this configuration captagent is still relaying SIP OPTIONS packets to the configured HEP server. Why?



Regards,
Jeff

Michele Campus

Aug 7, 2024, 12:23:13 PM
to homer-...@googlegroups.com
Hi Jeff,

For every captagent question, you can use the official repo on sipcapture https://github.com/sipcapture/captagent/

Anyway, yes, your sip_capture_plan.cfg is correct.
If it does not work, please open an issue on github and we will check it.

Thank you
Michele

--
Michele Campus
DevOPS Team Lead

QXIP BV - Capture Engineering

Jeff Pyle

Aug 7, 2024, 2:40:30 PM
to homer-...@googlegroups.com
Hi Michele,

I figured it out. I was editing /usr/local/captagent/etc/captagent/sip_capture_plan.cfg. I realized later it loads /usr/local/captagent/etc/captagent/captureplans/sip_capture_plan.cfg. Once I had the right data in the right spot, it worked as expected.



- Jeff
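
A check for the situation resolved above, where a capture plan with the same file name exists in two directories and only one of them is edited. This is an added example, not code from the thread or from the captagent project; the function names and the demo tree are constructed for illustration, and the script only lists and compares copies, it does not ask captagent which one it loads.

```shell
#!/bin/sh
# find_config_copies ROOT NAME
# Lists every file called NAME under ROOT and compares each to the first.
# Returns 0 for one copy or identical copies, 1 if copies differ,
# 2 if no copy is found.
find_config_copies() {
    root=$1
    name=$2
    first=""
    count=0
    differ=0
    list=$(mktemp) || return 2
    find "$root" -type f -name "$name" | sort > "$list"
    while IFS= read -r path; do
        count=$((count + 1))
        if [ -z "$first" ]; then
            first=$path
            echo "copy: $path"
        elif cmp -s "$first" "$path"; then
            echo "copy: $path (identical to $first)"
        else
            echo "copy: $path (DIFFERS from $first)"
            differ=1
        fi
    done < "$list"
    rm -f "$list"
    if [ "$count" -eq 0 ]; then
        echo "no $name under $root"
        return 2
    fi
    return "$differ"
}

# Constructed demo tree mirroring the two locations named in the thread.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc/captagent/captureplans"
    printf 'capture[pcap] {\n  # edited copy: drops OPTIONS\n}\n' \
        > "$d/etc/captagent/sip_capture_plan.cfg"
    printf 'capture[pcap] {\n  # untouched copy\n}\n' \
        > "$d/etc/captagent/captureplans/sip_capture_plan.cfg"
    echo "$d"
}

demo=$(make_demo_tree)
find_config_copies "$demo" sip_capture_plan.cfg || echo "exit status: $?"
rm -rf "$demo"
```

On a real host the call would be `find_config_copies /usr/local/captagent/etc/captagent sip_capture_plan.cfg`, using the path from the message above.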
