View unanswered posts | View active topics It is currently Mon Jun 17, 2019 9:43 pm



Post new topic Reply to topic  [ 4 posts ] 
 xplico and heavy load reply from GUI 
Author Message

Joined: Mon Aug 23, 2010 9:43 pm
Posts: 2
Reply with quote
Post xplico and heavy load reply from GUI
Hi,
i used to work with VoIP and find xplico as very useful and great tool for easy and user friendly
forensic tool.
I have a couple of IP phones (SIP and MGCP) and PC with xplico connected to mirroring (span) port to Cisco switch.

i have a problem with xplico +GUI interface. Actually when start live capturing VoIP (SIP, MGCP + RTP) in real time.
i am able to start live capture session but i cannot see all my calls as well as RTP play is possible for calls
that takes more time, for example 5 or 10 minutes.

I was following installation steps from the wiki page.
I would like to capture SIP or MGCP with RTP live and to be able to play them later and should
be able to handle heavy load or creation of more sessions for different cases.

the problem is for same voip cases i dont have RTP at all in GUI and i am not able to play stream if takes more than 1,5 minute.
Is that normal behaviour or?
The problem could be with a big pcap file but i did changes on /etc/php5/apache2/php.ini file.

Is it possible to caputre heavy load or to create more sessions by console and to play then later with WEB interface
for the calls that takes more then 1 minute?
The problem could be with configuration as well. I might did something worng.
Any help or hint i would appreciate.

Regards
Angel


Thu Aug 26, 2010 1:22 pm
Profile
Site Admin

Joined: Wed Sep 16, 2009 10:09 pm
Posts: 394
Reply with quote
Post Re: xplico and heavy load reply from GUI
Hi seminar01,
To extract and decode SIP and/or RTP (MGCP as protocol dissector has not yet been developed) VoIP calls there are many steps:
  • xplico decoder (SIP,RTP,RTCP,SDP dissectors)
  • videosnarf (RTP to wav)
  • sox
  • lame
  • the flash application (only in the XI)
The bugs can be in one (or more) of this steps. Most likely the duration of the call bug is a problem of fash application. We are rewrite the application with processing.org framework, this application will be integrated in the XI in Xplico-0.6.1.
If you can send me (bug[@]xplico.org) a pcap with this errors we can identify and fix the bugs.

Ciao.
Gianluca


Mon Aug 30, 2010 5:27 am
Profile WWW

Joined: Mon Aug 23, 2010 9:43 pm
Posts: 2
Reply with quote
Post Re: xplico and heavy load reply from GUI
Hi,

thanks for the information.
Could you be so kind and tel me which exactly info, traces and logs do you need
then i will send you bug


Wed Sep 01, 2010 9:56 am
Profile
Site Admin

Joined: Wed Sep 16, 2009 10:09 pm
Posts: 394
Reply with quote
Post Re: xplico and heavy load reply from GUI
I think you have identified more than a bug. We can start with the problem of the duration of the call.
To understand if it is a problem of flash application or not, you should:
- identify a pcap with one call that has the problem of the duration
- use this pcap with Xplico in CLI (not XI)
- listen to the call extracted by Xplico-CLI (path: xdecode/*/voip/*/*)
If the call is complete (its duration) then the problem is the flash application.

Second bug: a call is not recognized by Xplico and/or it is not decoded.
To understand where is this problem you should:
- identify a pcap with one call that Xplico (with/from XI) not recognize (or not decode)
- use this pcap with Xplico in CLI (not XI)
- send me last (console) lines from "pcapf: running: 0/0, subflow:0/0, tot pkt:230" to "Total elaboration time: 12s"
- check if exist a directory named xdecode/*/voip/ and if inside xdecode/*/voip/*/* there are some files

Ciao, and thanks for the help that you give us.
Gianluca


Thu Sep 02, 2010 5:20 am
Profile WWW
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 4 posts ] 


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by Vjacheslav Trushkin for Free Forums/DivisionCore.