[asterisk-users] Security tests

Daniel Bareiro daniel-listas at gmx.net
Fri Apr 23 20:14:15 CDT 2010



On Thursday, 22 April 2010 at 14:33:01 -0300,
Philipp von Klitzing wrote:

> Hi!

Hi, Philipp.

>> But it draws attention to me between the PC with softphone and the
>> telephone I see traffic ARP or ICMP that could make to try between
>> the equipment but does not see RTP. Is there some special
>> consideration that it must to observe?

> Your English is seriously twisted, making your question impossible to
> understand. My feeling is that you have used a machine translation
> service.
>
> Your question is probably: 
> "I can see ARP and ICMP, but not RTP, what am I missing?"

Perhaps it was not very clear, but yes, I was talking about this. I
believe that I found the cause of the problem. The reason I was not
seeing VoIP traffic between 10.1.0.38 and 10.1.0.65 is that there is no
direct traffic between them; the traffic is between each party and the
Asterisk server :-) So using ettercap with the IP of the Asterisk server
and 10.1.0.65 I can now capture and play calls from this IP to 10.1.0.38
or vice versa.

But I'm noticing that when it is played from Wireshark, it is heard with
a delay. Is it normal for that to happen?

On the other hand, I had to change the order of preference of the codecs
in the sip.conf so that G711 is preferred over GSM, because it was
configured in the reverse order of preference and I see that the RTP
player of Wireshark does not support GSM. Do you know any
way to play GSM directly from the captured packets?

> How did you place your virtual "listening" machine into the network,
> is it connected to an old hub, or a switch, or the mirroring port of a
> switch, or does it use the same NIC (and computer) as the softphone?
> You will first need to get "in between" the two endpoints in order to
> be able to capture that point-to-point RTP traffic - there are
> "normal" and "malicious" ways to achieve that.

I have a switch that connects the phone (10.1.0.38), the PC with the
softphone (10.1.0.65), the Asterisk server and a VMHost that has the
virtual machine where I use ettercap and tcpdump.


Thanks for your reply.

Regards,
Daniel

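
Added example, not part of the original message: a parser for the RTP fixed header (RFC 3550) that reports which codec each captured datagram carries, using the static payload types from RFC 3551 (0 = G.711 u-law, 3 = GSM, 8 = G.711 A-law). It assumes the UDP payloads have already been extracted from a capture; the function names and the sample datagrams are constructed for illustration.

```python
import struct
from collections import Counter

# Static payload types from RFC 3551 that matter in this thread.
STATIC_PT = {0: "PCMU (G.711 u-law)", 3: "GSM 06.10", 8: "PCMA (G.711 A-law)"}

def parse_rtp(datagram: bytes) -> dict:
    """Parse the RFC 3550 fixed header of one UDP payload and locate the media bytes."""
    if len(datagram) < 12:
        raise ValueError("shorter than the 12-byte RTP fixed header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", datagram[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    offset = 12 + 4 * (b0 & 0x0F)             # skip the CSRC identifiers
    if b0 & 0x10:                              # header extension present
        if len(datagram) < offset + 4:
            raise ValueError("truncated header extension")
        (ext_words,) = struct.unpack("!H", datagram[offset + 2:offset + 4])
        offset += 4 + 4 * ext_words
    pad = datagram[-1] if b0 & 0x20 else 0     # last byte holds the padding length
    end = len(datagram) - pad
    if (b0 & 0x20 and pad == 0) or offset > end:
        raise ValueError("padding or header length exceeds the datagram")
    pt = b1 & 0x7F
    return {"pt": pt, "codec": STATIC_PT.get(pt, f"other/dynamic ({pt})"),
            "marker": bool(b1 & 0x80), "seq": seq, "timestamp": ts,
            "ssrc": ssrc, "payload": datagram[offset:end]}

def codec_summary(datagrams) -> Counter:
    """Count packets per codec; datagrams that fail parsing are counted as 'not RTP'."""
    counts = Counter()
    for d in datagrams:
        try:
            counts[parse_rtp(d)["codec"]] += 1
        except ValueError:
            counts["not RTP"] += 1
    return counts

def _hdr(b0, b1, seq, ts):
    return struct.pack("!BBHII", b0, b1, seq, ts, 0x1234ABCD)  # constructed SSRC

# Constructed sample datagrams (not taken from any real capture).
SAMPLES = [
    _hdr(0x80, 0x00, 1, 160) + b"\xff" * 160,                 # G.711 u-law, 20 ms
    _hdr(0x80, 0x03, 2, 320) + b"\xd0" + b"\x00" * 32,        # GSM, one 33-byte frame
    _hdr(0xA0, 0x88, 3, 480) + b"\xd5" * 160 + b"\x00\x00\x00\x04",  # A-law, marker, padded
    b"\x00\x01\x00\x00",                                      # too short to be RTP
]
```
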
