Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive
 
cisco-phone.png

If you don't know, Homer is a very powerful tool that VoIP companies use to analyze what happened (or what is happening win semi-real-time) in the PBX. You can analyze what happened in a call reported one hour ago without disrupting the customer (sounds awesome right?).

However, the not so bright side of Homer is that it needs a lot of babysitting. Sooner than later, because of the way it works, your database will be overloaded. The more calls you have the more information Homer will need to store, then you will need a really huge server. Another thing you must know is that Homer needs a lot of love, the vanilla installation won't help you a lot. You must set up the reports, which could take some time to master.

I have a solution if you are okay by giving up some few things.

The Issue of Having Homer

Maybe not for everyone, but I see these big issues (take the one that applies to you):

  1. Database babysitting is a non-ending task that takes time
  2. The effort to get the view you want before being useful
  3. The hardware sizing for analyzing and storing all the information. The more calls you have, the more powerful hardware you will need.

The Issue of Not Having a Tool to Analyze

There is not too much to say. If you do not have Homer, my proposal (read below) or any other tool the problem is that you will need to deal more with the end user than you wish. Some users are very kind and help you, others aren't.

My Alternative to Homer

It is called pcapsipdump 0.2. PCAP SIP Dump is a sniffer that saves the SIP and RTP of every call organized in directories, but the best thing is that each leg of the call is stored in a single PCAP file. This means, that a simple call there are two PCAP files: one for the carrier - PBX leg, and other for the PBX - IP Phone leg.

I spent a little reading the code to understand the nomenclature that pcapsipdump uses. Here it is:

  • \var\spool\pcapsipdump
    • 20191231 - system date in YYYYMMDD format
      • 23 - system hour in 24 hrs format
        • This email address is being protected from spambots. You need JavaScript enabled to view it. - filename with the format: YYYYMMMDD-HHMMSS-<caller id number>-<callee id number>-call id.pcap

Please note that the caller ID number and the callee ID number could be anything but numbers only. Carriers usually will use numbers, but it could be letters and some signs as well.

The Call-ID is a special identifier that makes unique that SIP session. It is in the SIP payload, look for the Call-ID header.

So, if someone reports a problem of a specific call, you just need to know the date, the hour, from what number they called, to what number they called and who answered the call (if applies). Remember that it is very common to have a one-legged call if there is only an IVR answering, or a multi-legged call if you are using a conference.

How to Install and Use PCAP SIP Dump?

Well, if you are in the correct Linux flavor, add the OKay RPM repository and type yum install pcapsipdump. After that, you just need to enable the service by typing chkconfig pcapsipdump on (for CentOS 6) or systemctl enable pcapsipdump (for CentOS 7). To start the daemon, type service pcapsipdump start (for CentOS 6) or systemctl start pcapsipdump (for CentOS 7).

Remember to stop the daemon if you are not using it or set up some scripts to delete older captures as you decide in your keeping policy.

Some Side Effects of Using PCAP SIP Dump

If you are giving up Homer in favor of PCAP SIP Dump, the first thing you need to know is that there is no WEB interface. You will need to master a little the Linux command line to find the right file or files, copy it or them to your local computer and analyze with Wireshark.

wireshark sip

Graphic interfaces are overrated.

Good luck!

blog comments powered by Disqus

About

Read about IT, Migration, Business, Money, Marketing and other subjects.

Some subjects: FusionPBX, FreeSWITCH, Linux, Security, Canada, Cryptocurrency, Trading.