| CARVIEW |
Select Language
HTTP/2 200
date: Sun, 27 Jul 2025 09:24:47 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With,Accept-Encoding, Accept, X-Requested-With
x-robots-tag: none
etag: W/"d263802ef5c29f473e406c19c44d936a"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
server: github.com
content-encoding: gzip
accept-ranges: bytes
set-cookie: _gh_sess=i2DXpAFHrWZEnsqS%2B5WXGBCdbyyckolspfGqqPrczLns2y86uFuxkrcXXUfy2OTtXnFOUmSZMSIvIbc7NwNMDNVGaQjek3yYQkLNRigdGhlTQmb%2BnVUMYdKk9CDmn%2Fbhl1R4IVO%2BVLIOBCRFC3nHRnS1JMtyaonJgWhw2aw0JJ961vAvfLKcuiQdPQh657YwIvqv3TDVo9AlijWStpAGECywvpbdNEFQ2isOHfAv2yqcF5Wxbs3iKibRPUithM7ousa%2BHs3FcojDtxUFqAHscA%3D%3D--t%2Bj2mjNZlWK7jc7b--HuTsiXDMBh%2BY3xfBQKtRuw%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
set-cookie: _octo=GH1.1.199187912.1753608287; Path=/; Domain=github.com; Expires=Mon, 27 Jul 2026 09:24:47 GMT; Secure; SameSite=Lax
set-cookie: logged_in=no; Path=/; Domain=github.com; Expires=Mon, 27 Jul 2026 09:24:47 GMT; HttpOnly; Secure; SameSite=Lax
x-github-request-id: EB6A:0A61:320833:437FC8:6885F05F
Socket Modules · sipcapture/captagent Wiki · GitHub
Skip to content
Navigation Menu
{{ message }}
-
-
Notifications
You must be signed in to change notification settings - Fork 76
Socket Modules
Michele Campus edited this page Jan 4, 2023
·
7 revisions
Socket modules are used by captagent to capture packets from the system available interfaces. By default, the pcap socket is enabled.
Within each socket, multiple profiles can be defined and configured as pipelines to process captured packets. By default the socketspcap_sip pipeline is enabled defining the interface and ports utilized for capturing and processing SIP packets via the dedicated Capture Plan
<profile name="socketspcap_sip" description="HEP Socket" enable="carview.php?tsp=true" serial="2014010402">
<settings>
<param name="dev" value="eth0"/>
<param name="promisc" value="carview.php?tsp=true"/>
<param name="reasm" value="false"/>
<param name="websocket-detection" value="false"/>
<param name="tcpdefrag" value="false"/>
<!-- <param name="capture-filter" value="ip_to_ip"/> -->
<param name="capture-plan" value="sip_capture_plan.cfg"/>
<param name="filter">
<value>portrange 5060-5091</value>
</param>
</settings>
</profile>
When capturing GRE-ERSPAN Encapsulated traffic this needs to be setup
<param name="erspan" value="carview.php?tsp=true"/>
<param name="filter">
<value>proto GRE and len > 50</value>
</param>
Sometimes WebSocket subprotocol it is used as a reliable transport mechanism between Session Initiation Protocol (SIP) entities to enable use of SIP in web-oriented deployments.
Captagent provide additional parsing for Websocket layer on TCP by enable the websocket-detection param (default is false)
<param name="websocket-detection" value="carview.php?tsp=true"/>
IP-to-IP is an IP tunneling protocol that encapsulates one IP packet in another IP packet. To encapsulate an IP packet in another IP packet, an outer header is added with source IP, the entry point of the tunnel, and the destination IP, the exit point of the tunnel.
Captagent now has the possibility to check and correctly parse this tunnel by adding a new capture-filter on portrange 5060-590:
<param name="capture-filter" value="ip_to_ip"/>
This filter perform also the internal check on portrange 5060-5090, so in the BPF filter you can simply add this
<param name="filter">
<value>ip</value>
</param>
Clone this wiki locally
You can’t perform that action at this time.