Monitoring

anynode SIP Capture Agents Configuration

In the anynode frontend, open the SIP Capture Agent via Extras and SIP Capture Agents. This opens the overview of all configured SIP capture agent connections.

anynode frontend main view with extras menu and SIP capture agents function.

To create a new connection, click Add. This will open a configuration dialog where you can define the parameters for sending SIP flow data using HEP v3.

anynode frontend with list of SIP capture agents.

In the SIP Capture Agent Connection dialog, configure the following parameters:

SIP capture protocol: Use the default HEP V3.

Host: Enter the IP address or hostname of the system where Wireshark is running with the UDP Listener.

Port: Set this to 9000 (the default port for HEP traffic used by anynode).

Transport Protocol: Select UDP.

Capture ID: Identifier to distinguish between multiple anynode systems. In our example, we have got only one anynode system.

Click Next to continue.

anynode SIP capture agent assistant with connection settings.

In this step, you define how anynode selects the source IP address used for sending SIP capture data. This is important to ensure that the HEP messages are sent from the correct interface and are routable to the target system (Wireshark listener).

anynode SIP capture agent assistant with network controller settings.

You can choose from the following options:

Use a fixed IP address

anynode will always use the specified IP address, regardless of changes in the network. This is suitable for static network configurations where the IP address does not change. ⚠️ Not recommended if the system uses DHCP, IPv6 autoconfiguration, or other dynamic addressing.

Use an interface's address

anynode will automatically use the current IP address assigned to a selected network interface. Changes are tracked in real time, making this option ideal for dynamic environments (e.g., DHCP or IPv6). You must also specify whether to use IPv4 or IPv6.

Advanced configuration

Allows for flexible setups in roaming, multi-network, or high availability cluster environments. Useful when deploying anynode instances across multiple or shifting network contexts with shared settings.

Choose the option that best fits your deployment scenario to ensure reliable transmission of SIP capture data.

Click Next to continue.

In this step, you can configure Trusted Certificates for the SIP Capture Agent connection. This setting is relevant only if you are using TLS to send HEP data securely. It allows anynode to verify the identity of the remote capture server by checking its TLS certificate against a list of trusted certificate authorities (CAs).

If your SIP Capture Agent connection is configured to use UDP, this step can be skipped, as encryption and certificate verification are not used in that case.

If TLS is enabled:

• Add the CA certificate of the remote capture server here.

• This ensures that anynode only communicates with trusted and verified endpoints.

• Without the correct certificate, the connection will fail during the TLS handshake.

For most Wireshark use cases, where HEP is sent over UDP, no trusted certificates are required.

anynode SIP capture agent assistant with trusted certificate settings.

You should consider using HEP over TLS if:

• SIP signaling data contains sensitive information and must be protected during transmission.

• The capture server (e.g., Homer or a cloud-based monitoring service) is hosted externally or accessed over untrusted networks.

• Your organization's security policies mandate encryption for diagnostic or monitoring traffic.

Click Next to continue.

In the Test step of the assistant, you can verify that the configured SIP Capture Agent connection is working correctly.

Click the Test button to send a test HEP message to the target system (e.g., Wireshark).

This allows you to confirm that:

• The network path to the destination IP and port (typically UDP 9000) is reachable.

• The SIP Capture Agent is correctly sending data using the configured settings.

• The target (such as Wireshark with the HEP plugin and UDP Listener) is ready to receive and interpret the message.

anynode SIP capture agent assistant with test function.

If the test is successful, you should see the packet appear in Wireshark shortly after.

If no packet arrives, check:

• That Wireshark is running and the UDP Listener is active.

• The correct port and IP address are set.

• Any firewalls are not blocking UDP traffic on port 9000.

In the last step of the SIP Capture Agent assistant, you are asked to assign a name to the connection.

This name is used to:

• Identify the SIP Capture Agent in the list of configured connections.

• Distinguish between multiple capture agent setups (e.g., different destinations or network contexts).

• Help with troubleshooting and logging by providing a meaningful label in log entries and system events

Choose a descriptive and unique name, such as:

• Wireshark UDP Capture

• HEP v3 to Homer Collector

• TLS SIP Capture for External Trunk

In our example, we choose the name Wireshark UDP Capture.

Once the name is assigned, click Finish to complete the setup. The SIP Capture Agent is now configured and ready to send SIP flow data to the specified destination.

anynode SIP capture agent assistant with name definition.

You will get an overview of all configured SIP capture agents.

Click Ok to close it.

anynode SIP capture agent assistant with name definition.

While Wireshark is ideal for quick, local diagnostics, the HEP protocol allows SIP signaling to be exported in a structured way to external systems for deeper, long-term analysis. This expands troubleshooting beyond local captures and provides a scalable method for collecting and reviewing SIP data across distributed environments

SIP Capture with Wireshark from anynode.