[Asterisk-biz] VoIP recording

trixter aka Bret McDanel trixter at 0xdecafbad.com
Wed Nov 30 13:38:15 MST 2005


On Wed, 2005-11-30 at 21:21 +0100, Ron Arts wrote:
> What we do, is configure a mirroring port on the network switch.
> Such a port exactly mirrors the port that is connected to the asterisk box.
> If you have enough CPU power on the listening box, you won't miss
> a single packet.

And therein lies the problem.  The packet filter that is capturing may
drop because of cpu load or whatnot.  On the real box packets that are
dropped that way aren't processed so it makes a slight difference in
terms of the data.

A single packet probably won't matter too much, but if you drop every 3rd
or so then you will have severe problems.  Just makes the cost of the
machine potentially higher.

Another problem is potentially malformed packets.  The recording system
should record raw, rather than trying to parse data out for that reason.
It's not that uncommon to see programs like ethereal, tcpdump, snort, etc
all have specific vulnerabilities where you can segfault the sniffer
with a malformed packet (a packet that may not have any effect on the
asterisk box btw).


-- 
Trixter http://www.0xdecafbad.com     Bret McDanel
UK +44 870 340 4605   Germany +49 801 777 555 3402
US +1 360 207 0479 or +1 516 687 5200
FreeWorldDialup: 635378
http://www.sacaug.org/ Sacramento Asterisk Users Group
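
The "record raw, parse later" approach and the drop concern raised in the message above, as an added example that is not code from this thread: the recorder appends each frame to a classic pcap file without inspecting it, so a malformed packet cannot crash the capture path, and the kernel's drop counter is turned into a ratio that can be monitored. Function names and sample frames are constructed for illustration; `drop_ratio` assumes the 8-byte `struct tpacket_stats` that a Linux packet socket returns for `PACKET_STATISTICS`.

```python
import io
import struct

PCAP_GLOBAL = struct.Struct("<IHHiIII")  # magic, ver major/minor, tz, sigfigs, snaplen, linktype
PCAP_RECORD = struct.Struct("<IIII")     # ts_sec, ts_usec, incl_len, orig_len
PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1

def write_header(out, snaplen=65535):
    out.write(PCAP_GLOBAL.pack(PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET))

def record_raw(out, frame, ts_sec, ts_usec):
    """Append one frame exactly as received; the recorder never looks inside it."""
    out.write(PCAP_RECORD.pack(ts_sec, ts_usec, len(frame), len(frame)))
    out.write(frame)

def read_frames(buf):
    """Offline reader: walks records by the lengths the recorder wrote, nothing else."""
    if len(buf) < PCAP_GLOBAL.size or PCAP_GLOBAL.unpack_from(buf, 0)[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian pcap file")
    off, frames = PCAP_GLOBAL.size, []
    while off + PCAP_RECORD.size <= len(buf):
        incl_len = PCAP_RECORD.unpack_from(buf, off)[2]
        off += PCAP_RECORD.size
        if off + incl_len > len(buf):
            break  # recorder was interrupted mid-record; keep what is complete
        frames.append(buf[off:off + incl_len])
        off += incl_len
    return frames

def drop_ratio(stats):
    """Fraction of packets the kernel dropped before the recorder read them.

    Assumes `stats` is the 8-byte struct tpacket_stats {tp_packets, tp_drops}
    from getsockopt(263, 6, 8), i.e. SOL_PACKET / PACKET_STATISTICS on Linux,
    where tp_packets is the total count including drops.
    """
    tp_packets, tp_drops = struct.unpack("=II", stats)
    return tp_drops / tp_packets if tp_packets else 0.0

# Constructed sample input: one plausible frame and one truncated, malformed one.
SAMPLE_FRAMES = [bytes(range(60)), b"\x45\x00\xff"]

def demo():
    out = io.BytesIO()
    write_header(out)
    for i, frame in enumerate(SAMPLE_FRAMES):
        record_raw(out, frame, 1133383095, i)
    return read_frames(out.getvalue())

if __name__ == "__main__":
    print(demo() == SAMPLE_FRAMES, drop_ratio(struct.pack("=II", 400, 100)))
```

Any protocol decoding then runs offline against the saved file, where a parser crash costs a retry rather than the recording.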