<br><br><div class="gmail_quote">On Fri, Apr 23, 2010 at 9:14 PM, Daniel Bareiro <span dir="ltr"><<a href="mailto:daniel-listas@gmx.net">daniel-listas@gmx.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div class="im">-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<br>
</div>On Thursday, April 22, 2010 at 14:33:01 -0300,<br>
Philipp von Klitzing wrote:<br>
<br>
> Hi!<br>
<br>
Hi, Philipp.<br>
<div class="im"><br>
>> But it draws attention to me between the PC with softphone and the<br>
>> telephone I see traffic ARP or ICMP that could make to try between<br>
>> the equipment but does not see RTP. Is there some special<br>
>> consideration that it must to observe?<br>
<br>
> Your English is seriously twisted, making your question impossible to<br>
> understand. My feeling is that you have used a machine translation<br>
> service.<br>
><br>
> Your question is probably:<br>
> "I can see ARP and ICMP, but not RTP, what am I missing?"<br>
<br>
</div>Perhaps it was not very clear, but yes, I was talking about this. I<br>
believe that I found the cause of the problem. The reason I was<br>
not seeing VoIP traffic between 10.1.0.38 and 10.1.0.65 is that there<br>
is no direct traffic between them; instead it is between each party and the<br>
Asterisk server :-) So using ettercap with the IP of the Asterisk server and<br>
10.1.0.65 I can now capture and play calls from this IP to 10.1.0.38 or<br>
vice versa.<br>
<br>
But I'm noticing that when playing from Wireshark, the audio is heard delayed. Is<br>
this normal?<br>
<br>
On the other hand, I had to change the order of preference of the codecs<br>
in the sip.conf so that G711 is preferred over GSM, because it was<br>
configured in a reverse order of preference and I see that the RTP<br>
player of Wireshark does not support GSM. Do you know any<br>
way to play GSM directly from the captured packets?<br>
<div class="im"><br>
> How did you place your virtual "listening" machine into the network,<br>
> is it connected to an old hub, or a switch, or the mirroring port of a<br>
> switch, or does it use the same NIC (and computer) as the softphone?<br>
> You will first need to get "in between" the two endpoints in order to<br>
> be able to capture that point-to-point RTP traffic - there are<br>
> "normal" and "malicious" ways to achieve that.<br>
<br>
</div>I have a switch that connects to the phone (10.1.0.38), PC with<br>
softphone (10.1.0.65), the Asterisk server and a VMHost that has the<br>
virtual machine where I use ettercap and tcpdump.<br>
<br>
<br>
Thanks for your reply.<br>
<div class="im"><br>
Regards,<br>
Daniel<br>
<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v1.4.9 (GNU/Linux)<br>
<br>
</div>iEYEARECAAYFAkvSRfcACgkQZpa/GxTmHTfCzQCdHhYG9ur6tuM+sd7q/v0on9RL<br>
pvAAnRw9coB7mtsF7PBFj0fQJ6mTw5Oo<br>
=3gN6<br>
-----END PGP SIGNATURE-----<br>
<div><div></div><div class="h5"><br><br></div></div></blockquote><div>Check out <em>Cain</em> & <em>Abel</em> <a href="http://www.oxid.it/">http://www.oxid.it/</a> and OrecX <a href="http://www.orecx.com/web/products-orekagpl.php">http://www.orecx.com/web/products-orekagpl.php</a>. Oreka will run just fine on your Asterisk box.<br>
<br>I am not sure what kind of security audit you are trying to do. What you propose is simple and simply the way things work, it is not security.<br><br>Thanks,<br>Steve T<br></div></div>
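Added example, not part of the original messages: a minimal RTP header parser that summarizes a capture by media leg and codec, illustrating the two observations in the thread (media flows between each endpoint and the Asterisk server rather than directly, and the payload type tells you whether a stream is G.711 or GSM). The Asterisk address 10.1.0.10, the SSRC values, the sample packets and all function names are constructed assumptions.

```python
import struct
from collections import Counter

# Static RTP payload types (RFC 3551) for the codecs named in this thread.
STATIC_PT = {0: "PCMU (G.711 u-law)", 3: "GSM", 8: "PCMA (G.711 A-law)"}

def parse_rtp(udp_payload):
    """Return (ssrc, seq, codec) for an RTP v2 packet, else None."""
    if len(udp_payload) < 12:
        return None
    b0, b1, seq, _ts, ssrc = struct.unpack("!BBHII", udp_payload[:12])
    if b0 >> 6 != 2:                               # version field must be 2
        return None
    if len(udp_payload) < 12 + 4 * (b0 & 0x0F):    # CSRC list must fit
        return None
    pt = b1 & 0x7F                                 # drop the marker bit
    return ssrc, seq, STATIC_PT.get(pt, "other/dynamic PT %d" % pt)

def media_legs(packets):
    """Count RTP packets per (src, dst, ssrc, codec) leg."""
    legs = Counter()
    for src, dst, payload in packets:
        hdr = parse_rtp(payload)
        if hdr:
            ssrc, _seq, codec = hdr
            legs[(src, dst, ssrc, codec)] += 1
    return legs

def relayed_through(legs, server):
    """True if every media leg has the server as one endpoint."""
    return bool(legs) and all(server in (src, dst) for src, dst, _, _ in legs)

def make_rtp(pt, seq, ssrc, media_len):
    """Build a constructed RTP packet with a zero-filled media payload."""
    return struct.pack("!BBHII", 0x80, pt, seq, seq * 160, ssrc) + bytes(media_len)

ASTERISK = "10.1.0.10"   # assumed address; the thread does not give it
PHONE, SOFTPHONE = "10.1.0.38", "10.1.0.65"
# Constructed capture: GSM frames are 33 bytes, G.711 frames 160 bytes per 20 ms.
SAMPLE = (
    [(PHONE, ASTERISK, make_rtp(3, n, 0x1111, 33)) for n in range(3)]
    + [(ASTERISK, SOFTPHONE, make_rtp(0, n, 0x2222, 160)) for n in range(3)]
    + [(PHONE, SOFTPHONE, b"\x00" * 28)]            # non-RTP datagram, ignored
)

if __name__ == "__main__":
    for leg, count in media_legs(SAMPLE).items():
        print(leg, count)
    print("relayed via Asterisk:", relayed_through(media_legs(SAMPLE), ASTERISK))
```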