[asterisk-users] OT: Capture Asterisk traffic

Salvatore Giudice Salvatore.Giudice at VoIPSecurityTraining.com
Tue May 1 14:20:29 MST 2007


Ethereal will let you export an rtp stream as a .au file. That's one of the
very minor items we cover in our conference series and our VoIP 100 course.

There is a lot more fun to be had when you get into RTP sequence number
prediction and RTP stream injection.

--------------------------------------------------
Salvatore Giudice
Salvatore.Giudice at VoIPSecurityTraining.com

VoIP Security Training, LLC
http://VoIPSecurityTraining.com

848 N. Rainbow Blvd. #1676
Las Vegas, NV 89107
Phone: (617) 959-7625
Fax: (214) 279-2906


-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Doug Garstang
Sent: Tuesday, May 01, 2007 3:47 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] OT: Capture Asterisk traffic

I remember an app called 'vomit' that could allegedly reconstruct audio 
files from tcpdump pcap files.

Salvatore Giudice wrote:
> I think you want:
>
> tcpdump -C 100 -W 10 -w /tmp/tcpdump -i eth1 -s 0 udp dst portrange 5060-65534
>
>
>
> dst port port
>     True if the packet is ip/tcp, ip/udp, ip6/tcp or ip6/udp and has a
>     destination port value of port. The port can be a number or a name used in
>     /etc/services (see tcp(4P) and udp(4P)). If a name is used, both the port
>     number and protocol are checked. If a number or ambiguous name is used, only
>     the port number is checked (e.g., dst port 513 will print both tcp/login
>     traffic and udp/who traffic, and port domain will print both tcp/domain and
>     udp/domain traffic).
> src port port
>     True if the packet has a source port value of port.
> port port
>     True if either the source or destination port of the packet is port.
> dst portrange port1-port2
>     True if the packet is ip/tcp, ip/udp, ip6/tcp or ip6/udp and has a
>     destination port value between port1 and port2. port1 and port2 are
>     interpreted in the same fashion as the port parameter for port.
> src portrange port1-port2
>     True if the packet has a source port value between port1 and port2.
> portrange port1-port2
>     True if either the source or destination port of the packet is between port1
>     and port2.
> Any of the above port or port range expressions can be prepended with the
> keywords, tcp or udp, as in:
>
>
> -----Original Message-----
> From: asterisk-users-bounces at lists.digium.com
> [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of CSB
> Sent: Tuesday, May 01, 2007 1:32 PM
> To: Asterisk Users Mailing List - Non-Commercial Discussion
> Subject: [asterisk-users] OT: Capture Asterisk traffic
>
> I want to capture all my Asterisk traffic (including RTP) and then analyse
> it.
>
> My plan was to use tcpdump and then analyse with Wireshark. The following 
> works:
> tcpdump -i eth0 -s 0 -w /tmp/tcpdump.1
>
> But I want to be a bit more selective:
> tcpdump -C 100 -W 10 -w /tmp/tcpdump -i eth1 -s 0 udp and dst port >= 5060
>
> This doesn't capture the RTP traffic. Could anyone advise what I'm doing
> wrong or suggest a better way?
>
> Thanks
>
> Cameron
>
>
> _______________________________________________
> --Bandwidth and Colocation provided by Easynews.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>
>
>   
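For the analysis side of a capture like the one discussed above, here is an added example (not code from this thread or from any of its posters) that decodes the fixed RTP header and flags the sequence-number anomalies an injected stream tends to leave behind. It assumes the UDP payloads have already been pulled out of the pcap as (source address, payload) pairs; the function names, the max_jump threshold and the sample packets are constructed for illustration.

```python
import struct

def parse_rtp(payload):
    """Decode the 12-byte fixed RTP header (RFC 3550); None if not RTP version 2."""
    if len(payload) < 12:
        return None
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", payload[:12])
    if b0 >> 6 != 2:                      # version lives in the top two bits
        return None
    return {"pt": b1 & 0x7F, "seq": seq, "ts": ts, "ssrc": ssrc}

def find_anomalies(packets, max_jump=50):
    """packets: (source_address, udp_payload) pairs in capture order.
    Returns (index, ssrc, reason) for each suspicious RTP packet."""
    last_seq, first_src, findings = {}, {}, []
    for i, (src, payload) in enumerate(packets):
        hdr = parse_rtp(payload)
        if hdr is None:
            continue                      # SIP or other non-RTP UDP
        ssrc, seq = hdr["ssrc"], hdr["seq"]
        if ssrc not in last_seq:
            last_seq[ssrc], first_src[ssrc] = seq, src
            continue
        if src != first_src[ssrc]:
            findings.append((i, ssrc, "same SSRC from a second source"))
            continue                      # do not let it move the tracked state
        delta = (seq - last_seq[ssrc]) & 0xFFFF   # sequence numbers wrap at 16 bits
        if delta == 0:
            findings.append((i, ssrc, "duplicate sequence number"))
        elif delta >= 0x8000:
            findings.append((i, ssrc, "sequence number went backwards"))
        else:
            if delta > max_jump:          # assumed threshold, tune per codec and loss rate
                findings.append((i, ssrc, "forward sequence jump"))
            last_seq[ssrc] = seq
    return findings

def make_rtp(seq, ssrc=0x1234ABCD):
    """Build a constructed PCMU packet: fixed header plus 160 bytes of payload."""
    return struct.pack("!BBHII", 0x80, 0, seq, seq * 160 & 0xFFFFFFFF, ssrc) + b"\xff" * 160

# Constructed sample, not taken from a real capture.
A, B = ("192.0.2.10", 10000), ("198.51.100.7", 40000)
SAMPLE = [(A, make_rtp(65534)), (A, make_rtp(65535)), (A, make_rtp(0)),
          (A, b"OPTIONS sip:pbx.example.invalid SIP/2.0\r\n"),
          (B, make_rtp(1)), (A, make_rtp(1)), (A, make_rtp(1)), (A, make_rtp(500))]

if __name__ == "__main__":
    for index, ssrc, reason in find_anomalies(SAMPLE):
        print(f"packet {index}: ssrc={ssrc:#010x} {reason}")
```

The 65535 to 0 wrap in the sample is not reported, because the delta is taken modulo 2^16.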
