Socket Modules
Socket modules are used by captagent to capture packets from the system available interfaces. By default, the pcap socket is enabled.
Within each socket, multiple profiles can be defined and configured as pipelines to process captured packets. By default the socketspcap_sip pipeline is enabled defining the interface and ports utilized for capturing and processing SIP packets via the dedicated Capture Plan
<profile name="socketspcap_sip" description="HEP Socket" enable="true" serial="2014010402">
<settings>
<param name="dev" value="eth0"/>
<param name="promisc" value="true"/>
<param name="reasm" value="false"/>
<param name="websocket-detection" value="false"/>
<param name="tcpdefrag" value="false"/>
<param name="capture-plan" value="sip_capture_plan.cfg"/>
<param name="filter">
<value>portrange 5060-5091</value>
</param>
</settings>
</profile>
When capturing ERSPAN Encapsulated traffic
<param name="filter">
<value>portrange 5060-5091</value>
</param>
<param name="erspan" value="true"/>
When capturing GRE Encapsulated traffic
<param name="filter">
<value>proto GRE and len > 50</value>
</param>
<param name="erspan" value="false"/>
Sometimes WebSocket subprotocol it is used as a reliable transport mechanism between Session Initiation Protocol (SIP) entities to enable use of SIP in web-oriented deployments. Captagent provide additional parsing for Websocket layer on TCP by enable the websocket-detection param (default is false)
<param name="websocket-detection" value="true"/>