[Asterisk-Dev] VoIP Call Sniffer

Rich Adamson radamson at routers.com
Sat Jan 8 13:19:40 MST 2005


Yes, some. Switches forward packets at layer two (mac address), and learn
the location of each mac address by listening to packets. Once it has
learned the switch ports associated with the mac address, the switch will
_not_ forward sip or rtp traffic to other ports not associated with the
sip/rtp session.

Example: one * with 100 sip phones on a corporate net with canreinvite=yes.
All established phone-to-phone rtp conversations happen directly between
the two sip phones. If this corporate net uses switches, you could not
monitor the rtp traffic unless you had access to one of the switches in
the rtp path, and set up a port mirror to watch it.

Good security relies on multiple layers; the use of switches qualifies
as a very simple example of one layer. UserID & passwords are another
layer, while encryption is yet another, etc, etc.

------------------------

> So if I use switches, does that offer any basic eavesdropping protection?
> 
> -----Original Message-----
> From: asterisk-dev-bounces at lists.digium.com <asterisk-dev-bounces at lists.digium.com>
> To: Asterisk Developers Mailing List <asterisk-dev at lists.digium.com>
> Sent: Sat Jan 08 15:06:21 2005
> Subject: Re: [Asterisk-Dev] VoIP Call Sniffer
> 
> > >>The Bad News:
> > >>
> > >>| VoIPong is a utility which detects all Voice Over IP calls on a
> > >>| pipeline, and for those which are G711 encoded, dumps actual
> > >>| conversation to separate wave files. It supports SIP, H323, Cisco's
> > >>|  Skinny Client Protocol, RTP and RTCP.
> > >
> > >
> > > This actually sounds very much like an Ethereal rip-off. Which has had
> > > this functionality for at least two years.
> > >
> >
> > Has anyone on the list actually gotten it to work?
> >
> > I installed it at several places on my network, just to play around.
> > And even in situations where I'm pretty certain Ethereal sees the calls
> > just fine, nothing gets reported by this program.
> 
> If you are using ethernet switches, it won't see the rtp traffic.
> 
---------------End of Original Message-----------------
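
An added illustration of the forwarding behaviour described in the reply above (not part of the original message or of Asterisk): a toy learning switch in Python with phones on ports 1 and 2 and a monitoring host on port 3, counting how many RTP frames the monitoring port receives with and without a port mirror. The MAC addresses, port numbers and function names are constructed for the example.

```python
"""Toy layer-2 learning switch: what a monitoring port sees of a phone-to-phone call."""

PHONE_A = "00:00:5e:00:53:0a"   # constructed MAC, phone on port 1
PHONE_B = "00:00:5e:00:53:0b"   # constructed MAC, phone on port 2
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, ports, mirror=None):
        self.ports = set(ports)
        self.mac_table = {}                    # MAC -> port it was learned on
        self.mirror = mirror                   # (mirrored_port, monitor_port) or None
        self.delivered = {p: [] for p in ports}

    def receive(self, in_port, src, dst, payload):
        self.mac_table[src] = in_port          # learn from the source address
        if dst in self.mac_table:
            out = {self.mac_table[dst]} - {in_port}   # known unicast: one port
        else:
            out = self.ports - {in_port}              # unknown/broadcast: flood
        if self.mirror:
            mirrored, monitor = self.mirror
            if mirrored == in_port or mirrored in out:
                out = out | {monitor}          # copy traffic of the mirrored port
        for port in out:
            self.delivered[port].append((src, dst, payload))
        return out


def monitor_view(mirror=None, registered=True, packets=5):
    """Return how many RTP frames reach port 3 during an A<->B call."""
    sw = LearningSwitch([1, 2, 3], mirror)
    if registered:
        # Earlier traffic from each phone lets the switch learn both MACs.
        sw.receive(1, PHONE_A, BROADCAST, "arp")
        sw.receive(2, PHONE_B, BROADCAST, "arp")
    for seq in range(packets):
        sw.receive(1, PHONE_A, PHONE_B, f"rtp {seq}")
        sw.receive(2, PHONE_B, PHONE_A, f"rtp {seq}")
    return sum(1 for _, _, p in sw.delivered[3] if p.startswith("rtp"))


if __name__ == "__main__":
    print("no mirror, MACs learned :", monitor_view())
    print("no mirror, empty table  :", monitor_view(registered=False))
    print("port 1 mirrored to 3    :", monitor_view(mirror=(1, 3)))
```

With an empty table the first frame is flooded before the destination is learned, which is why the switch counts as one layer among several rather than as confidentiality for the media stream.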




