In this module, packets from a network interface or from a file opened from disk are selected and interpreted in order to extract only the information of interest to the modules higher up in the application's hierarchy.
The work of this interpreter depends on how the rest of the system is being used: capturing packets from a network interface, or opening one or more disk files. Whatever the mode of operation, it performs the following procedure when a packet is received:
- analysis of the Ethernet header and the link-layer protocol in use, to check whether the network layer of the packet is IP. This must be done because all voice-over-IP packets use this protocol as the network layer;
- verification of the IP header to check whether the transport protocol used is UDP, because VoIPFix only analyzes packets with this transport protocol;
- collection of the source and destination IP addresses and ports of the packet, since this information will be essential for analysis in the transactions detector module;
- a check of whether the data carried in the UDP payload belongs to a SIP packet. This is done by analyzing the first line of text, searching for keywords and combinations of features characteristic of a SIP packet. This step saves processing by eliminating non-SIP packets before the interpretation step itself;
- sending the SIP packet to the interpretation process, which turns the message text into a standard structure that can be analyzed more efficiently by the analysis modules. This interpretation process is performed by the oSIP library. If the packet is not SIP, it may still be RTP, which is not a protocol that carries messages in text format. In this case, one cannot be absolutely sure whether or not a packet is RTP, but some tests are done to verify its integrity and mark it. The other packets, which were not marked as SIP or RTP, are discarded so that they do not occupy space in memory.
When VoIPFix is being used to open files saved on disk, this module performs the procedure outlined above in multiple concurrent tasks, in order to save processing time and make full use of the host's resources.
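The per-packet procedure listed above, sketched as an added example (this is not VoIPFix's own code, and it stops before the oSIP parsing stage). The function names, the SIP method list and the RTP tests (version 2 and a header that fits, per RFC 3550) are assumptions, and `build_frame` produces constructed sample frames.

```python
import socket
import struct

SIP_METHODS = {b"INVITE", b"ACK", b"BYE", b"CANCEL", b"OPTIONS", b"REGISTER",
               b"SUBSCRIBE", b"NOTIFY", b"INFO", b"UPDATE", b"REFER", b"MESSAGE"}

def looks_like_sip(payload):
    """Cheap first-line test, run before any full SIP parse."""
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) < 3:
        return False
    if parts[0] == b"SIP/2.0":                    # status line: SIP/2.0 200 OK
        return len(parts[1]) == 3 and parts[1].isdigit()
    return len(parts) == 3 and parts[0] in SIP_METHODS and parts[2] == b"SIP/2.0"

def looks_like_rtp(payload):
    """Assumed tests (RFC 3550): version 2 and room for the header plus CSRC list."""
    if len(payload) < 12 or payload[0] >> 6 != 2:
        return False
    return len(payload) >= 12 + 4 * (payload[0] & 0x0F)

def classify(frame):
    """Return (label, flow); label is "SIP", "RTP" or None (packet discarded)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None, None                         # network layer is not IPv4
    ihl = (frame[14] & 0x0F) * 4
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 17:
        return None, None                         # bad IP header or not UDP
    udp = frame[14 + ihl:]
    if len(udp) < 8:
        return None, None                         # truncated UDP header
    sport, dport, ulen = struct.unpack("!HHH", udp[:6])
    if not 8 <= ulen <= len(udp):
        return None, None                         # UDP length field is inconsistent
    flow = (socket.inet_ntoa(frame[26:30]), sport, socket.inet_ntoa(frame[30:34]), dport)
    payload = udp[8:ulen]
    if looks_like_sip(payload):
        return "SIP", flow
    if looks_like_rtp(payload):
        return "RTP", flow
    return None, None

def build_frame(payload, proto=17, sport=5060, dport=5060):
    """Constructed sample: Ethernet + IPv4 + UDP around payload (checksums left 0)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, proto, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.20"))
    return b"\x00" * 12 + b"\x08\x00" + ip + udp
```

The length checks matter as much as the protocol checks: a truncated capture or a UDP length field larger than the data actually present is dropped instead of being passed on to the text parser.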