rtpbreak
With rtpbreak you can detect, reconstruct and analyze any RTP session. It does not require the presence of RTCP packets and works independently from the signaling protocol in use (SIP, H.323, SCCP, …). The input is a sequence of packets; the output is a set of files you can feed to other tools (wireshark/tshark, sox, grep/awk/cut/cat/sed, …). It also supports wireless (AP_DLT_IEEE802_11) networks. This is a list of scenarios where rtpbreak is a good choice:
- reconstruct any RTP stream with an unknown or unsupported signaling protocol
- reconstruct any RTP stream in wireless networks, even while channel hopping (VoIP activity detector)
- reconstruct and decode any RTP stream in batch mode (with sox, asterisk, …)
- reconstruct any RTP stream that is already in progress, i.e. whose signaling was never captured
- reorder the packets of any RTP stream for later analysis (with tshark, wireshark, …)
- build a tiny wireless VoIP tapping system on a single-chip Linux unit
- build a complete VoIP tapping system (rtpbreak would be just the RTP dissector module!)
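The scenarios above all rest on one idea: RTP can be found and rebuilt from the packets alone, without SIP/H.323/SCCP or RTCP. The following is an added example written for this page, not rtpbreak's own code, that shows that idea in Python: it recognises RFC 3550 headers (rejecting RTCP and non-RTP payloads), groups packets into sessions by 5-tuple and SSRC, reorders them by sequence number across the 65535 -> 0 wrap, counts lost packets and optionally fills gaps, and reports a status block in the spirit of rtpbreak's. The thresholds MIN_PKTS and MAX_SPAN, the fill byte, the helper names and the sample capture are this example's own assumptions, not values taken from rtpbreak.

```python
"""Signaling-independent RTP detection and reconstruction (added example, not rtpbreak code)."""
import struct
from collections import defaultdict

RTP_HDR_LEN = 12
MIN_PKTS = 3        # assumed: packets a flow must show before it counts as a session
MAX_SPAN = 1024     # assumed: max sequence-number spread tolerated within a session


def parse_rtp(payload):
    """Parse an RFC 3550 fixed header; return a dict, or None if the bytes are not RTP-shaped."""
    if len(payload) < RTP_HDR_LEN:
        return None
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", payload[:RTP_HDR_LEN])
    if b0 >> 6 != 2:                      # RTP version must be 2
        return None
    cc, pt = b0 & 0x0F, b1 & 0x7F
    if 64 <= pt <= 95:                    # RTCP types 192-223 look like RTP with marker set (RFC 5761)
        return None
    hdr_len = RTP_HDR_LEN + 4 * cc        # CSRC list follows the fixed header
    if b0 & 0x10:                         # header extension: 16-bit profile, 16-bit length in words
        if len(payload) < hdr_len + 4:
            return None
        ext_words = struct.unpack("!H", payload[hdr_len + 2:hdr_len + 4])[0]
        hdr_len += 4 + 4 * ext_words
    if len(payload) < hdr_len:
        return None
    data = payload[hdr_len:]
    if b0 & 0x20:                         # padding: last octet says how many trailing bytes to drop
        if not data or data[-1] == 0 or data[-1] > len(data):
            return None
        data = data[:-data[-1]]
    return {"pt": pt, "marker": bool(b1 & 0x80), "seq": seq, "ts": ts, "ssrc": ssrc, "data": data}


def unwrap_seq(seqs):
    """Map 16-bit sequence numbers to positions relative to the first one seen,
    so that wraparound (65535 -> 0) and late packets still sort correctly."""
    base, rel = seqs[0], []
    for s in seqs:
        d = (s - base) & 0xFFFF
        rel.append(d - 0x10000 if d >= 0x8000 else d)
    return rel


def detect_sessions(packets):
    """packets: iterable of (src, sport, dst, dport, udp_payload) in capture order.
    RTP-shaped packets are grouped by 5-tuple + SSRC; a group counts as a session only if it
    behaves like a stream (enough packets, one payload type, small sequence spread).
    Everything else RTP-shaped is noise (false positives). Returns ({key: [pkts]}, noise)."""
    flows = defaultdict(list)
    for src, sport, dst, dport, payload in packets:
        rtp = parse_rtp(payload)
        if rtp is not None:
            flows[(src, sport, dst, dport, rtp["ssrc"])].append(rtp)
    sessions, noise = {}, 0
    for key, pkts in flows.items():
        rel = unwrap_seq([p["seq"] for p in pkts])
        one_codec = len({p["pt"] for p in pkts}) == 1
        if len(pkts) >= MIN_PKTS and one_codec and max(rel) - min(rel) < MAX_SPAN:
            sessions[key] = pkts
        else:
            noise += len(pkts)
    return sessions, noise


def reconstruct(pkts, fill_gaps=False, fill_byte=0xFF):
    """Reorder one session by sequence number, drop duplicates, count losses.
    With fill_gaps, each missing packet becomes fill_byte repeated to the size of the
    next payload (0xFF is PCMU silence; an assumed default). Returns (raw_bytes, lost)."""
    rel = unwrap_seq([p["seq"] for p in pkts])
    raw, lost, prev = bytearray(), 0, None
    for r, p in sorted(zip(rel, pkts), key=lambda x: x[0]):
        if prev is not None:
            if r == prev:                 # duplicate / retransmission
                continue
            gap = r - prev - 1
            lost += gap
            if fill_gaps:
                raw += bytes([fill_byte]) * (gap * len(p["data"]))
        raw += p["data"]
        prev = r
    return bytes(raw), lost


def make_rtp(seq, ts, ssrc, pt, data, marker=False):
    """Build a minimal RTP packet (no CSRC, extension or padding) for the constructed sample."""
    return struct.pack("!BBHII", 0x80, (0x80 if marker else 0) | pt, seq, ts, ssrc) + data


# Constructed sample capture: one PCMU (PT 0) stream wrapping 65535 -> 0, with seq 0
# delivered early and seq 2 missing; an RTCP SR; a SIP INVITE (first byte 'I' gives
# RTP version 1, so rejected); and one lone RTP-shaped packet that is really noise.
A_SIDE = ("10.0.0.1", 7078, "10.0.0.2", 16384)
SSRC = 0x1234ABCD
SAMPLE = [
    A_SIDE + (make_rtp(65534, 0, SSRC, 0, b"A" * 4, marker=True),),
    A_SIDE + (make_rtp(0, 320, SSRC, 0, b"C" * 4),),
    A_SIDE + (make_rtp(65535, 160, SSRC, 0, b"B" * 4),),
    A_SIDE + (make_rtp(1, 480, SSRC, 0, b"D" * 4),),
    A_SIDE + (make_rtp(3, 800, SSRC, 0, b"F" * 4),),
    ("10.0.0.1", 7079, "10.0.0.2", 16385, struct.pack("!BBHII", 0x81, 200, 6, SSRC, 0)),
    ("10.0.0.9", 5060, "10.0.0.2", 5060, b"INVITE sip:bob@example.org SIP/2.0\r\n"),
    ("10.0.0.3", 40000, "10.0.0.2", 40001, make_rtp(77, 0, 0x99999999, 8, b"Z" * 4)),
]


def status(packets, fill_gaps=False):
    """Summary in the spirit of rtpbreak's status block: detected, flushed, lost, noise."""
    sessions, noise = detect_sessions(packets)
    flushed = lost = 0
    streams = {}
    for key, pkts in sessions.items():
        streams[key], missing = reconstruct(pkts, fill_gaps=fill_gaps)
        flushed += len(pkts)
        lost += missing
    return {"detected": len(sessions), "flushed": flushed, "lost": lost, "noise": noise, "streams": streams}


if __name__ == "__main__":
    for k, v in status(SAMPLE).items():
        print(k, {key: raw.hex() for key, raw in v.items()} if k == "streams" else v)
```

Run on SAMPLE it reports one detected session, five flushed packets, one lost packet and one noise packet; the reconstructed stream is the payloads in sequence order, which is the kind of raw payload file a decoder such as sox can consume once the codec is known. The RTCP and SIP packets never reach the noise count because they fail the header check outright, which is why a detector like this needs no signaling to run.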
Download
Documentation
Notes
- rtpbreak is released under the GPL version 2 license
- rtpbreak has been developed as part of my undergraduate thesis at the University of Trento
- rtpbreak has been included in the FreeBSD ports repository
- rtpbreak has been included in the Gentoo Linux distribution
- rtpbreak is now used as resource material in the courseware that prepares candidates for the “Licensed Penetration Tester” and “Certified VoIP Professional” certifications awarded by EC-Council
Comments
Comment from Miguel OLIVARES
Date: April 28, 2008, 4:49 pm
Hi,
I'm trying to install rtpbreak. I got the source code from
http://xenion.antifork.org/rtpbreak/rtpbreak-1.3.tgz
I followed the doc
http://xenion.antifork.org/rtpbreak/doc/rtpbreak_en.html
but when I type make I get the following error messages.
Please, can you help me install rtpbreak?
[root@localhost rtpbreak-1.3]# make
make[1]: Entering directory `/home/mike/rtpbreak-1.3/src'
%
% Compiling rtpbreak v1.3
%
% CC ..................: cc
% CFLAGS ..............: -Wall
% LIBS ................: -lpcap -lnet
% DEFS ................:
%
cc -c -DVERSION=\"1.3\" -Wall main.c
cc -c -Wall common.c
cc -c -Wall net.c
cc -lpcap -lnet main.o common.o net.o -o rtpbreak
main.o: In function `loop':
main.c:(.text+0x49a): undefined reference to `pcap_next'
main.o: In function `cleanup':
main.c:(.text+0x7d4): undefined reference to `pcap_close'
main.c:(.text+0x894): undefined reference to `pcap_dump_close'
main.o: In function `init_opt':
main.c:(.text+0xf94): undefined reference to `pcap_open_offline'
main.c:(.text+0x1006): undefined reference to `pcap_open_live'
main.c:(.text+0x10f4): undefined reference to `pcap_dump_open'
main.c:(.text+0x110f): undefined reference to `pcap_geterr'
main.o: In function `main':
main.c:(.text+0x2018): undefined reference to `pcap_datalink'
main.o: In function `rtp_stream_flush':
main.c:(.text+0x2c01): undefined reference to `pcap_dump'
main.c:(.text+0x301a): undefined reference to `pcap_dump'
main.o: In function `rtp_stream_open_files':
main.c:(.text+0x33ad): undefined reference to `pcap_dump_open'
main.c:(.text+0x33cc): undefined reference to `pcap_geterr'
main.o: In function `rtp_stream_close':
main.c:(.text+0x38fd): undefined reference to `pcap_dump_close'
net.o: In function `sizeof_datalink':
net.c:(.text+0xd): undefined reference to `pcap_datalink'
net.c:(.text+0x21): undefined reference to `pcap_geterr'
net.o: In function `add_pcap_filter':
net.c:(.text+0x292): undefined reference to `pcap_compile'
net.c:(.text+0x2a1): undefined reference to `pcap_geterr'
net.c:(.text+0x2db): undefined reference to `pcap_setfilter'
net.c:(.text+0x2ea): undefined reference to `pcap_geterr'
net.c:(.text+0x31d): undefined reference to `pcap_freecode'
collect2: ld returned 1 exit status
make[1]: *** [all] Error 1
make[1]: Leaving directory `/home/mike/rtpbreak-1.3/src'
make: *** [build] Error 2
thanks
best regards
Comment from xenion
Date: April 28, 2008, 5:53 pm
hi Miguel,
It seems you don't have the devel package of libpcap correctly installed. Make sure you have the following packages installed:
- libpcap >= 0.7
- libpcap devel >= 0.7
- libnet >= 1.1
- libnet devel >= 1.1
bye,
-x
Comment from Miguel OLIVARES
Date: April 29, 2008, 5:10 pm
Hi
I have a question about your product: could you tell me how many RTP sessions I can analyse with rtpbreak, "as a limit"? For example, I tested your product with a pcap file but I got an error message:
29/04/2008#17:13:15 Fatal error at main.c:1200:rtp_stream_open_files: fopen(): Too many open files; exit forced.
thanks
Miguel
Comment from Abraham
Date: April 29, 2008, 10:59 pm
Hello
I have some questions about rtpbreak. I tested your tool and it works great, congratulations, but could you tell me what the limit of RTP sessions for a pcap file is?
Have you ever tested with more than 300 RTP sessions?
thanks
Abraham
Comment from xenion
Date: May 4, 2008, 10:34 am
hi Miguel and Abraham,
I've never tested rtpbreak with so many RTP sessions; anyway, it should work fine. Maybe more slowly, because internally the sessions are represented as a doubly linked list (not the most performant data structure…). I'm interested in this point: if you think it runs too slowly, maybe in the future I'll introduce a hash list.
Apart from the running time, the rtpbreak limits are the available system resources:
- main memory space
- disk space
- max number of open files
Probably the latter is your problem, Miguel. Try to increase it! See here.
Why? rtpbreak opens 3 files for each recognized RTP session (raw, pcap, txt) and closes them when the session ends. If you have 300 concurrent RTP sessions, you will have > 3*300 open files.
Consider also that with the latest rtpbreak version you can disable the generation of the raw, pcap and txt files; just leave enabled what you need.
bye
-x
Comment from Miguel OLIVARES
Date: May 5, 2008, 6:03 pm
Hi
Thanks for your answers. I continue to work with rtpbreak; I followed your advice but I have a little problem.
I got a pcap file with 1052 RTP sessions and I just want the raw files, so I do like this:
[root@localhost testrtp]# /root/bin/rtpbreak -d test1 -W -r testrtp.pcap
[root@localhost testrtp]# cd test1
[root@localhost test1]# ls -l
total 204
-rw-r--r-- 1 root root 9440 May 5 17:42 rtp.0.0.raw
-rw-r--r-- 1 root root 416 May 5 17:42 rtp.0.0.txt
-rw-r--r-- 1 root root 184500 May 5 17:42 rtp.0.txt
[root@localhost test1]# vi rtp.0.txt
+ rtpbreak v1.3 running here!
+ pid: 3692, date/time: 05/05/2008#17:42:48
+ Configuration
+ INPUT
Packet source: rxfile ‘testrtp.pcap’
Force datalink header length: disabled
+ OUTPUT
Output directory: ‘test1′
RTP raw dumps: enabled
RTP pcap dumps: disabled
Fill gaps: disabled
Dump noise: disabled
Logfile: ‘test1/rtp.0.txt’
Logging to stdout: enabled
Logging to syslog: disabled
Be verbose: disabled
+ Status
Alive RTP Sessions: 0
Closed RTP Sessions: 1052
Detected RTP Sessions: 1052
Flushed RTP packets: 61435
Lost RTP packets: 0 (0.00%)
Noise (false positive) packets: 1
+ No active RTP streams
It's as if there were only one RTP session instead of taking the 1052 existing ones.
Otherwise, I tested with another .pcap file with more than 4500 RTP sessions and it takes 40 minutes with the full version (txt, pcap, raw); I have an HP workstation xw6200.
thanks
Miguel
Comment from xenion
Date: May 5, 2008, 6:35 pm
You are right, it's a -great- bug! Thank you, I'll fix it as soon as I've found the code problem. I'll release a new version soon.
In the "40 minutes" run, is the final output ok?
-x
Comment from Miguel OLIVARES
Date: May 5, 2008, 6:59 pm
40 mins is ok because it's a .pcap file of about 3 GB. I tried to modify the source code in main.c but I couldn't; please, could you tell me which lines you are going to modify?
I tried like this:
00350 o.dump_pcap = 0; // by default is 1
and then
# /root/bin/rtpbreak -d test1 -r testrtp.pcap
but it doesn't work. Otherwise:
01184 if (o.dump_pcap)
01185 {
01186 snprintf(pathname, PATH_MAX, "%s/rtp.%d.%d.pcap", o.outdir, ndxlog, rtp_stream->fid);
01187 if (!(rtp_stream->pdump = pcap_dump_open(mypcap, pathname, "W")))
01188 FATAL("pcap_dump_open(): %s", pcap_geterr(mypcap));
thanks
Comment from xenion
Date: May 5, 2008, 7:10 pm
Fixed! Never got a fix so quickly, ah.
Get rtpbreak 1.3a from the top of this page! Please let me know if the output is now ok.
-x
Comment from Miguel OLIVARES
Date: May 6, 2008, 6:09 pm
Thanks
i got the correct output file
Miguel
Pingback from rtpbreak 1.3a is out! — Daily Asterisk
Date: May 13, 2008, 10:17 am
[...] has released a new version of this excellent piece of software; for those who don't know it yet, rtpbreak is able to recognize, reconstruct and analyze any session [...]
Comment from sip
Date: May 27, 2008, 5:09 am
The tool works great! Thanks for sharing and keep up the good work. A donation is going to be on its way as well :)
Comment from Miguel OLIVARES
Date: June 30, 2008, 3:02 pm
Hi,
I have a couple of questions.
Have you ever thought about adding the IP address as a parameter?
And my second question is about the AMR codec: for example, extracting the raw file when there are packets that are coded in AMR.
thanks