[asterisk-users] OT: Capture Asterisk traffic
Salvatore Giudice
Salvatore.Giudice at VoIPSecurityTraining.com
Tue May 1 14:20:29 MST 2007
Ethereal will let you export an rtp stream as a .au file. That's one of the
very minor items we cover in our conference series and our VoIP 100 course.
There is a lot more fun to be had when you get into RTP sequence number
prediction and RTP stream injection.
--------------------------------------------------
Salvatore Giudice
Salvatore.Giudice at VoIPSecurityTraining.com
VoIP Security Training, LLC
http://VoIPSecurityTraining.com
848 N. Rainbow Blvd. #1676
Las Vegas, NV 89107
Phone: (617) 959-7625
Fax: (214) 279-2906
-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Doug Garstang
Sent: Tuesday, May 01, 2007 3:47 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] OT: Capture Asterisk traffic
I remember an app called 'vomit' that could allegedly reconstruct audio
files from tcpdump pcap files.
Salvatore Giudice wrote:
> I think you want:
>
> tcpdump -C 100 -W 10 -w /tmp/tcpdump -i eth1 -s 0 udp dst portrange 5060-65534
>
> dst port port
> True if the packet is ip/tcp, ip/udp, ip6/tcp or ip6/udp and has a
> destination port value of port. The port can be a number or a name used in
> /etc/services (see tcp(4P) and udp(4P)). If a name is used, both the port
> number and protocol are checked. If a number or ambiguous name is used, only
> the port number is checked (e.g., dst port 513 will print both tcp/login
> traffic and udp/who traffic, and port domain will print both tcp/domain and
> udp/domain traffic).
> src port port
> True if the packet has a source port value of port.
> port port
> True if either the source or destination port of the packet is port.
> dst portrange port1-port2
> True if the packet is ip/tcp, ip/udp, ip6/tcp or ip6/udp and has a
> destination port value between port1 and port2. port1 and port2 are
> interpreted in the same fashion as the port parameter for port.
> src portrange port1-port2
> True if the packet has a source port value between port1 and port2.
> portrange port1-port2
> True if either the source or destination port of the packet is between port1
> and port2.
> Any of the above port or port range expressions can be prepended with the
> keywords, tcp or udp, as in:
>
> -----Original Message-----
> From: asterisk-users-bounces at lists.digium.com
> [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of CSB
> Sent: Tuesday, May 01, 2007 1:32 PM
> To: Asterisk Users Mailing List - Non-Commercial Discussion
> Subject: [asterisk-users] OT: Capture Asterisk traffic
>
> I want to capture all my Asterisk traffic (including RTP) and then analyse
> it.
>
> My plan was to use tcpdump and then analyse with Wireshark. The following
> works:
> tcpdump -i eth0 -s 0 -w /tmp/tcpdump.1
>
> But I want to be a bit more selective:
> tcpdump -C 100 -W 10 -w /tmp/tcpdump -i eth1 -s 0 udp and dst port >= 5060
>
> This doesn't capture the RTP traffic. Could anyone advise what I'm doing
> wrong or suggest a better way?
>
> Thanks
>
> Cameron
>
>
> _______________________________________________
> --Bandwidth and Colocation provided by Easynews.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
>
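A way to check that a capture taken with the `dst portrange 5060-65534` filter from the thread really contains RTP, and to list sequence-number discontinuities per stream. This is an added example, not part of the original messages. It assumes a classic little-endian pcap with Ethernet/IPv4 framing, identifies RTP only by its version bits (a heuristic), and uses a constructed in-memory capture; all function names are illustrative.

```python
import struct
from collections import defaultdict

def build_pcap(packets):
    """Constructed sample: classic little-endian pcap, Ethernet/IPv4/UDP frames."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, (dport, payload) in enumerate(packets):
        udp = struct.pack("!HHHH", 4000, dport, 8 + len(payload), 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), i, 0, 64, 17, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + udp
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def rtp(seq, ssrc):
    """Constructed RTP v2 packet: payload type 0, 160 bytes of filler audio."""
    return struct.pack("!BBHII", 0x80, 0, seq, seq * 160, ssrc) + b"\xff" * 160

def rtp_streams(pcap, lo=5060, hi=65534):
    """Map SSRC -> sequence numbers for RTP-looking UDP with dst port in lo..hi."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    streams, off = defaultdict(list), 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 42 or frame[12:14] != b"\x08\x00":
            continue                      # not Ethernet + IPv4
        if frame[14] >> 4 != 4 or frame[23] != 17:
            continue                      # not IPv4 carrying UDP
        udp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(udp) < 20:
            continue                      # too short for UDP + RTP headers
        dport, body = struct.unpack_from("!H", udp, 2)[0], udp[8:]
        if lo <= dport <= hi and body[0] >> 6 == 2:   # RTP version field == 2
            seq, _ts, ssrc = struct.unpack_from("!HII", body, 2)
            streams[ssrc].append(seq)
    return dict(streams)

def seq_anomalies(seqs):
    """Indices where a sequence number is not previous + 1 (mod 2**16)."""
    return [i for i in range(1, len(seqs)) if seqs[i] != (seqs[i - 1] + 1) & 0xFFFF]

# Constructed capture: one SIP message, one RTP stream with a jump, one packet
# to port 53 that the 5060-65534 range excludes.
SAMPLE = build_pcap([(5060, b"OPTIONS sip:100@10.0.0.2 SIP/2.0\r\n\r\n"),
                     (10000, rtp(65534, 0x1234)), (10000, rtp(65535, 0x1234)),
                     (10000, rtp(0, 0x1234)), (10000, rtp(7, 0x1234)),
                     (53, rtp(1, 0x9999))])
for ssrc, seqs in rtp_streams(SAMPLE).items():
    print(hex(ssrc), seqs, "discontinuities at", seq_anomalies(seqs))
```

A discontinuity can be ordinary loss or reordering; a run of them inside an otherwise steady stream is worth inspecting in Wireshark.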