#20 no files and false directory structure

[macuno]

when i start pcapsipdump it creartes a dir structure like "/var/spool/pcapsipdump/197001/01" and no file is store in there.

With tcpdump i can see all rtp udp packets.

is that a issue with the directory structure "197001/01"??

compiled on ubuntu 18.04

[Aex Aey]

Sounds like some of system calls by the pcapsipdump binary are getting blocked - gettimeofday() and libpcap-related bindings. I would suspect an LSM interfering.

Try disabling AppArmor, or if you have a lot of time on hand, try creating an appropriate AppArmor profile: https://help.ubuntu.com/community/AppArmor

[macuno]

ok, i will check this. thank you

[macuno]

hi AA,

i have disable apparmor on ubuntu, have check libpca no results.

i have compiled it on an empty debian 9 machine with the same issue.

another idea?

[Aex Aey]

Ok, nevermind about AppArmor - just checked with fresh ubuntu bionic install, and it all works fine.

Same for "false" directory. I have slightly improved this in [r138], but that's not the problem either.

Problem likely is - there is no SIP/UDP traffic on specified interface. So:

• Check that capture is done on correct interface (option -i);
• Check if there is some SIP/UDP to go along with that RTP (pcapsipdump would not capture RTP without session initiation);
• If you are using SIP/TCP instead, have a look at bug #22 and compiling with experimental TCP support:

make CXXFLAGS=-DUSE_TCP=1

• If you're dealing with SIP/TLS - pcapsipdump can't capture that for now.

[macuno]

ok, thanks you for looking.

thanks