heplify is captagents little brother, optimized for speed and simplicity. It's a single binary which you can run on Linux, ARM, MIPS, Windows to capture IPv4 or IPv6 packets and send them to Homer. Heplify is able to send SIP, correlated RTCP, RTCPXR, DNS, Logs into homer. It's able to handle fragmented and duplicate packets out of the box.
None if you use the binary from the releases
Download heplify and execute 'chmod +x heplify'
Download heplify.exe
If you have Go 1.18+ installed, build the latest heplify binary by running make
Now you should install LUA Jit:
Compile from sources:
Install luajit dev libary
apt-get install libluajit-5.1-dev
yum install luajit-devel
or for macOS
# Assuming brew installs to /usr/local/ brew install [email protected] luajit ln -s /usr/local/lib/pkgconfig/luajit.pc /usr/local/lib/pkgconfig/luajit-5.1.pc export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig/
install Go 1.11+
go build cmd/heplify/heplify.go
You can also build a docker image:
docker build --no-cache -t sipcapture/heplify:latest -f docker/heplify/Dockerfile .
You can use the image using docker compose:
image: sipcapture/heplify:latest
user: 1000:1000
./heplify -e -hs ${HOMER_DST}:9060 -m SIP -dd -zf -l info
network_mode: host
restart: unless-stopped
If true, the github.com/google/gopacket/tcpassembly library will log verbose debugging information (at least one line per packet)
If true, the github.com/google/gopacket/tcpassembly library will log information regarding its memory use every once in a while.
-b int
Interface buffersize (MB) (default 32)
-bpf string
Custom BPF to capture packets
collect only sip
-d string
Enable certain debug selectors [defrag,layer,payload,rtp,rtcp,sdp]
Deduplicate packets
-di string
Discard uninteresting packets by any string
-didip string
Discard uninteresting SIP packets by Destination IP(s)
-diip string
Discard uninteresting SIP packets by Source or Destination IP(s)
-dim string
Discard uninteresting SIP packets by Method [OPTIONS,NOTIFY]
-disip string
Discard uninteresting SIP packets by Source IP(s)
Log to stderr and disable syslog/file output
Exit once done reading pcap file
-fg uint
Fanout group ID for af_packet
-fi string
Filter interesting packets by any string
-fnum int
The total num of log files to keep (default 7)
-fsize uint
The rotate size per log file based on byte (default 10485760)
-fw int
Fanout worker count for af_packet (default 4)
enable buffer messages if connection to HEP server broken
enable debug buffer messages
-hep-buffer-file string
filename and location for hep-buffer file (default "HEP-Buffer.dump")
-hep-buffer-max-size string
max buffer size, can be B, KB, MB, GB, TB. By default - unlimited (default "0")
-hi uint
HEP node ID (default 2002)
HEP collector listening protocol, address and port (example: "tcp:")
-hn string
HEP node Name
-hp string
HEP node PW
-hs string
HEP server destination address and port (default "")
-i string
Listen on interface (default "any")
-keepalive uint
keep alive internal - 5 seconds by default. 0 - disable (default 5)
-l string
Log level [debug, info, warning, error] (default "info")
-lp int
Loop count over ReadFile. Use 0 to loop forever (default 1)
-m string
Capture modes [SIP, SIPDNS, SIPLOG, SIPRTCP] (default "SIPRTCP")
-n string
Log filename (default "heplify.log")
-nt string
Network types are [udp, tcp, tls] (default "udp")
-bpf string
Custom bpf filter (default "")
Read packet for packet
-p string
Log filepath (default "./")
-pr string
Portrange to capture SIP (default "5060-5090")
-prometheus string
prometheus metrics - ip:port. By default all IPs (default ":8090")
Use Protobuf on wire
-rf string
Read pcap file
Use packet timestamps with maximum pcap read speed
-rt int
Pcap rotation time in minutes (default 60)
-s int
Snaplength (default 8192)
-script-file string
Script file to execute on each packet
-script-hep-filter string
HEP filter for script, comma separated list of HEP types (default "1")
If true, sipassembly will be enabled
skip certifcate validation
Log to syslog
-t string
Capture types are [pcap, af_packet] (default "pcap")
If true, tcpassembly will be enabled
-tcpsendretries uint
Number of retries for sending before giving up and reconnecting (default 64)
Show heplify version
-wf string
Path to write pcap file
Enable pcap compression
-script-file string
LUA script file path to execute on each packet
-script-hep-filter string
HEP Type filter for LUA script, comma separated list (default "1")
# Capture SIP and RTCP packets on any interface and send them to
# Capture SIP and RTCP packets on any interface and send them via TLS to
./heplify -hs -nt tls
# Capture SIP and RTCP packets on any interface and send them to Use a someNodeName
./heplify -hs -hn someNodeName
# Capture SIP and RTCP packets on any interface and send them to Print info to stdout
./heplify -hs -e
# Capture SIP and RTCP packets on any interface and send them to and
./heplify -hs ","
# Capture SIP and RTCP packets on any interface and send them to Print debug selectors
./heplify -hs -e -d fragment,payload,rtcp
# Capture SIP and RTCP packets with custom SIP port range on eth2 and send them to
./heplify -i eth2 -pr 6000-6010 -hs
# Capture SIP and RTCP packets on eth2, send them to homer and compressed to /srv/pcapdumps/
./heplify -i eth2 -hs -wf /srv/pcapdumps/ -zf
# Read example/rtp_rtcp_sip.pcap and send SIP and correlated RTCP packets to
./heplify -rf example/rtp_rtcp_sip.pcap -hs
# Capture and send packets except SIP OPTIONS and NOTIFY to
./heplify -hs -dim OPTIONS,NOTIFY
# Capture SIP packet with HPERM encapsulation on port 7932 and interface eth2, send to and print debug info on stdout
./heplify -i eth2 -bpf "port 7932" -hs -l debug -e
# Capture SIP packet with VXLAN encapsulation on port 4789 and interface eth0, send to and print debug info on stdout
./heplify -i eth0 -bpf "port 4789" -hs -l debug -e
# Run heplify in "HEP Collector" mode in order to receive HEP input via TCP on port 9060 and fork (output) to two HEP servers listening on port 9063
./heplify -e -hs HEPServer1:9063,HEPserver2:9063 -hin tcp:
This Open-Source project is made possible by actual Humans without corporate sponsors, angels or patreons.
If you use this software in production, please consider supporting its development with contributions or donations