Homer is a system designed for packet capturing. The actors in this system are the capturing agent, the capturing server, and the web interface. The capturing agent is a daemon (i.e. a background process) running on the routing node (the SIP router). When a SIP message reaches the router, the capturing agent on this router takes a copy of the message, encapsulates it in a HEP/IPIP packet (adding an additional header to the message), and sends it to the capturing server. The capturing agent is configured with the address of the capturing server, so it knows exactly where to send the packets. The capturing agent can be an external agent such as "Captagent".
When the capturing server receives a packet, it decapsulates it (removes the added header), extracts, validates, and parses the SIP message, and inserts it into the database. The capturing server can also capture SIP messages directly from the Ethernet (a network monitoring connection). This is the case when a network switch sends a copy of the network packets seen on one switch port to a network monitoring connection on another switch port.
The web interface, which is connected to the database of the capturing server, loads the captured data from the database and displays it in a readable form. The figure below shows what the Homer system looks like:
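The encapsulation and decapsulation steps described above, as an added Python example (not code from Homer, Captagent or OpenSIPS). The 16-byte header layout is an assumption modeled on HEP version 1 for IPv4, the function names are hypothetical, and the SIP message and addresses are constructed samples.

```python
import socket
import struct

# Assumed header layout (modeled on HEPv1 for IPv4): version, header length,
# address family, IP protocol, source port, destination port, source IP, destination IP.
HDR = struct.Struct("!BBBBHH4s4s")
SIP_METHODS = ("INVITE", "ACK", "BYE", "CANCEL", "OPTIONS", "REGISTER")


def encapsulate(sip, src, dst, proto=socket.IPPROTO_UDP):
    """Agent side: prepend the original addressing to a copy of the SIP message."""
    header = HDR.pack(1, HDR.size, socket.AF_INET, proto, src[1], dst[1],
                      socket.inet_aton(src[0]), socket.inet_aton(dst[0]))
    return header + sip


def decapsulate(packet):
    """Server side: strip the header, validate the payload, return a row to store."""
    if len(packet) <= HDR.size:
        raise ValueError("packet too short to carry a header and a SIP message")
    ver, hlen, family, proto, sport, dport, src, dst = HDR.unpack_from(packet)
    if ver != 1 or hlen != HDR.size or family != socket.AF_INET:
        raise ValueError("unsupported or corrupt capture header")
    payload = packet[hlen:]
    first_line = payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
    is_request = (first_line.endswith(" SIP/2.0")
                  and first_line.split(" ")[0] in SIP_METHODS)
    is_reply = first_line.startswith("SIP/2.0 ")
    if not (is_request or is_reply):
        raise ValueError("payload is not a SIP message")
    return {"src_ip": socket.inet_ntoa(src), "src_port": sport,
            "dst_ip": socket.inet_ntoa(dst), "dst_port": dport,
            "proto": proto, "first_line": first_line, "msg": payload}


# Constructed sample message, as the router would see it on the wire.
SAMPLE = (b"OPTIONS sip:bob@example.com SIP/2.0\r\n"
          b"Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776\r\n"
          b"From: <sip:alice@example.com>;tag=1\r\nTo: <sip:bob@example.com>\r\n"
          b"Call-ID: constructed-1@192.0.2.10\r\nCSeq: 1 OPTIONS\r\n"
          b"Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    pkt = encapsulate(SAMPLE, ("192.0.2.10", 5060), ("192.0.2.20", 5060))
    print(decapsulate(pkt)["first_line"], len(pkt) - len(SAMPLE))
```

The header exists because the duplicated packet travels from the agent to the capturing server, so without it the original source and destination of the SIP message would be lost.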
OpenSIPS as a Homer Capturing Server
OpenSIPS can operate as a Homer capturing server. This is done with the SipCapture module, which was contributed to OpenSIPS in 2011. To achieve that, load and configure the SipCapture module in the routing script. The routing script will not route SIP messages; it will only capture, process and store them in the database. So another module must be loaded here: the database module "db_mysql.so".
Choosing OpenSIPS to operate as a capturing server is a good choice for these reasons:
- Good core performance of OpenSIPS (e.g. Receive Message Handling, SIP Validator, SIP Parser).
- By using the OpenSIPS database interface, the capturing server supports many database servers (e.g. MySQL, Oracle, ...).
- Portability (it can be compiled on different systems).
- Open source and free.
OpenSIPS as a SIP Router with Integrated Capturing Agent
Here OpenSIPS will operate as a SIP router with an integrated tracing capability (an integrated capturing agent). To achieve this, the SipTrace module is loaded to take a copy of each SIP message (or of some SIP messages) before routing it, encapsulate the message, and send it to the Homer capturing server. The address of the Homer capturing server is configured as a parameter of the SipTrace module.
modparam("siptrace", "duplicate_uri", "sip:10.0.0.1:9060") # Address to which a duplicate of each traced message is sent
modparam("siptrace", "duplicate_with_hep", 1) # Enable HEP
modparam("siptrace", "trace_to_database", 0) # Disable tracing to the local database
I will come back to this later.
Note: OpenSIPS cannot operate as a capturing agent (siptrace module, HEP mode) and a capturing server (sipcapture module) at the same time.
Homer Web Interface
The captured SIP messages are stored in the database, and they should be displayed in a readable form to the user who wants to analyse this data in order to find and solve problems. This can be done through Homer's multi-user web interface, where the messages are displayed in a table. You can search, filter, and sort the data. You can export the data as pcap files. You can visualize the call flows. You can also get statistics. So the user logs in to the Homer web interface from anywhere and starts working with the SIP data.
The next part of this article will cover the compilation and installation of the SipCapture module, the setup of the Homer database, and the installation of the Homer web interface.