Skip to content

Capture Plans

Jump to bottom Edit New page
Lorenzo Mangani edited this page May 14, 2016 · 9 revisions

Capture Plans

Capture Plans are pipelines defined by capture sockets and utilized to handle and process
Protocol modules are loaded at startup by the captagent.xml general configuration.

socket_pcap -> {profile} -> capture_plan

Example Pointer


    <profile name="socketspcap_sip" description="HEP Socket" enable="true" serial="2014010402">
    <settings>
	<param name="dev" value="eth0"/>
	<param name="promisc" value="true"/>
	<param name="reasm" value="false"/>
	<param name="tcpdefrag" value="false"/>
	<param name="capture-plan" value="sip_capture_plan.cfg"/>
	<param name="filter">
	    <value>portrange 5060-5091</value>
	</param>
    </settings>
</profile>




##### Example Capture Plan
```/usr/local/etc/captagent/captureplans/sip_capture_plan.cfg```



capture[pcap] {
# here we can check source/destination IP/port, message size
if(msg_check("size", "100")) {
#Do parsing
if(parse_sip()) {
#Multiple profiles can be defined in transport_hep.xml
if(!send_hep("hepsocket")) {
clog("ERROR", "Error sending HEP!!!!");
}
}
}
drop;
}




              


              

                
                   Add a custom footer
              

          



  
          

            

              

                

                  

                      
                        
                      
                    


                  

                

              


            
Clone this wiki locally