Luca,
I do not understand the relation between
aggregating traffic and not sending information about
RTP.
Regards,
Luis
--- Luca Deri <[EMAIL PROTECTED]> wrote:
> Anthony,
> if you don't specify ports, nprobe assumes that you
> want to aggregate
> traffic on them, hence they are ignored.
>
> Regards, Luca
>
> anthony thomas wrote:
>
> >Hello Luca,
> > Thanks for answering.
> >
> > While trying to get a trace for you, I realized
> that
> >adding L4 ports to the template, nprobe does send
> rtp
> >information to the collector. In other words using:
> >-T "%LAST_SWITCHED %FIRST_SWITCHED %IPV4_SRC_ADDR
> >%IPV4_DST_ADDR %IN_BYTES %IN_PKTS %OUT_BYTES
> >%SIP_CALL_ID %SIP_CALLING_PARTY %SIP_CALLED_PARTY
> >%SIP_RTP_CODECS %SIP_RTP_SRC_PORT %SIP_RTP_DST_PORT
> >%RTP_FIRST_SSRC %RTP_IN_JITTER
> %RTP_OUT_PAYLOAD_TYPE
> >%RTP_IN_MAX_DELTA"
> >
> >didn't work, adding %L4_SRC_PORT %L4_DST_PORT seems
> to
> >work fine.
> >Now, I am trying to find if there is another
> >combination for SIP info.
> >
> > Thanks a lot!,
> >
> >A
> >--- Luca Deri <[EMAIL PROTECTED]> wrote:
> >
>
> > Anthony,
> > nprobe reports you info about SIP if it can see
> SIP
> > traffic. Can you
> > please mail me an ethereal traffic dump of your
> SIP
> > traffic in order to
> > check what;s wrong?
> >
> > Thanks, Luca
> >
> >
> > anthony thomas wrote:
> >
> > >Hello,
> >
> > > I am probably doing something very wrong so
> >
> > forgive
> >
> > >me for asking this but, when I am running nprobe
> >
> > on my
> >
> > >network sniffing voip (SIP and RTP) traffic, all
> > >voip-related tags come empty.
> >
> > > I know that the flows that nprobe is sending
> to
> >
> > my
> >
> > >collector are from RTP sessions since is the only
> > >traffic that is on the network and the number of
> > >packets is very high.
> >
> > > Whe nprobe starts it says that is initializing
> >
> > RTP
> >
> > >and SIP plugins cleanly.
> >
> > > This is the command line option I am using -T
> > >"%LAST_SWITCHES %FIRST_SWITCHED %IN_BYTES
> %IN_PKTS
> > >%OUT_BYTES %SIP_CALL_ID %SIP_CALLING_PARTY
> > >%SIP_CALLED_PARTY"
> >
> > > In an ethereal trace, all tags are in the
> >
> > packet,
> >
> > >but all are zeroed.
> >
> > > As allways, I hope that someone could give me
> >
> > some
> >
> > >light on this.
> >
> > > Thanks!!
> >
> > >A
> >
> >
> >
> > >__________________________________
> > >Yahoo! FareChase: Search multiple travel sites in
> >
> > one click.
> >
> > >http://farechase.yahoo.com
> > >_______________________________________________
> > >Ntop mailing list
> > >[email protected]
> > >http://listgateway.unipi.it/mailman/listinfo/ntop
> >
> _______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
> >__________________________________
> >Yahoo! Mail - PC Magazine Editors' Choice 2005
> >http://mail.yahoo.com
> >_______________________________________________
> >Ntop mailing list
> >[email protected]
> >http://listgateway.unipi.it/mailman/listinfo/ntop
>
>
>
> --
> Luca Deri <[EMAIL PROTECTED]> http://luca.ntop.org/
> skype://lucaderi/
> Hacker: someone who loves to program and enjoys
> being
> clever about it - Richard Stallman
>
> _______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
__________________________________
Yahoo! Mail - PC Magazine Editors' Choice 2005
http://mail.yahoo.com
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
