[Ntop] ntop and voip
jtbock at daylight.com
Tue Feb 10 16:45:34 CET 2009
I originally sent this to the ntop-misc list, but upon further
consideration (and the fact that no one responded), perhaps the ntop
list is more appropriate.
My goal is to get some visibility into VoIP traffic. I have the
latest stable ntop (3.3.9) and nprobe (5.0.3_011709).
ntop and nprobe are on the same machine, and share a hub with
the voip server.
I use a conf file with nprobe, and it is basically -n
-V 9 and -T "%PROTOCOL_MAP %IPV4_SRC_ADDR %IPV4_DST_ADDR %LAST_SWITCHED
%FIRST_SWITCHED %IN_BYTES %IN_PKTS
%OUT_BYTES %OUT_PKTS %SIP_CALL_ID %SIP_CALLING_PARTY %SIP_CALLED_PARTY
%SIP_RTP_CODECS %SIP_RTP_SRC_IP %SIP_RTP_SRC_PORT %SIP_RTP_DST_IP
%SIP_RTP_DST_PORT %RTP_IN_JITTER %RTP_OUT_JITTER %RTP_IN_PKT_LOST
Everything seems to start up ok without errors. nprobe says I'm
using two plugins, which seems reasonable. When I look at the Netflow
stats in ntop, it dutifully reports that it is receiving v9 templates. A
relatively small number of templates are identified as unknown.
The issue is that I can't locate any web page which tells me
about the stuff I'm really interested in; namely, the SIP/RTP info. I
looked back through the list archives, and saw some other questions on
this same topic in summer '08. Luca seemed to indicate that SIP/RTP
analysis via ntop was not quite baked at the time, but was expected late
So, I'm not sure if I'm not doing something right, the VoIP
analysis isn't in ntop yet, or something else entirely. Any pointers,
clues, or suggestions greatly appreciated.