Wireshark-users: [Wireshark-users] Monitoring VoIP Traffic
From: "William Grayson" <wgrayson@xxxxxxxxxx>
Date: Wed, 23 May 2007 13:52:50 -0400
Dear Wireshark- I am in the process of deploying a VoIP carrier network where I am installing Juniper M7i routers in 10 cities. What tools can I use out there to monitor voip traffic and do some vulnerability testing? I would like to pretend I am a DoS person out there attacking the network. wg -----Original Message----- From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of wireshark-users-request@xxxxxxxxxxxxx Sent: Wednesday, May 23, 2007 1:17 PM To: wireshark-users@xxxxxxxxxxxxx Subject: Wireshark-users Digest, Vol 12, Issue 45 Send Wireshark-users mailing list submissions to wireshark-users@xxxxxxxxxxxxx To subscribe or unsubscribe via the World Wide Web, visit http://www.wireshark.org/mailman/listinfo/wireshark-users or, via email, send a message with subject or body 'help' to wireshark-users-request@xxxxxxxxxxxxx You can reach the person managing the list at wireshark-users-owner@xxxxxxxxxxxxx When replying, please edit your Subject line so it is more specific than "Re: Contents of Wireshark-users digest..." Today's Topics: 1. Sniffing AIM traffic (Mike W) 2. Help needed on interpretation of dump (Wolfgang Heidrich) ---------------------------------------------------------------------- Message: 1 Date: Wed, 23 May 2007 11:22:52 -0400 From: "Mike W" <mike.wilhide@xxxxxxxxx> Subject: [Wireshark-users] Sniffing AIM traffic To: wireshark <wireshark-users@xxxxxxxxxxxxx> Message-ID: <b3c95b150705230822i4d932122i864eaf17776044f6@xxxxxxxxxxxxxx> Content-Type: text/plain; charset="iso-8859-1" I've been playing around with Wireshark recently, attempting to get familiar with the app and with traffic analyzing. I wanted to see what would happen if I tried sniffing AIM traffic from one of the PCs on my LAN. When AIM is connecting to the oscar server directly, I'll see no AIM traffic at all. I sign on/off (I see the HTTP traffic generated by this process, but nothing else), send messages, get buddy info, etc. but Wireshark isn't picking up any AIM packets. I have the filter set to only view traffic from the host running AIM. When I route AIM through my Squid proxy, I can see everything as HTTP requests. I've gone through all my settings, which I haven't changed since installation, and can't see anything wrong with them. Is there something that I'm missing here? Am I looking at the wrong traffic? I've tried with no filters, as well as filtering by port and host. At first I thought that my NIC wasn't dropping into promiscuous mode properly or something, but I can still seea lot of traffic from other hosts on my network. I also tried sniffing from my windows machine using Wireshark, but with the same results. Any help would be very appreciated. Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.wireshark.org/lists/wireshark-users/attachments/20070523/aebb c887/attachment.htm ------------------------------ Message: 2 Date: Wed, 23 May 2007 16:54:31 +0200 From: "Wolfgang Heidrich" <Wolfgang.Heidrich@xxxxxxxxxxx> Subject: [Wireshark-users] Help needed on interpretation of dump To: <wireshark-users@xxxxxxxxxxxxx> Message-ID: <BNEAICJDIBNIHPODBJMGEECDCNAA.Wolfgang.Heidrich@xxxxxxxxxxx> Content-Type: text/plain; charset="iso-8859-1" Hello, although I have disabled all which look like "windows is phoning home" I found an irritating entry in last nights dump - starting from line 426 onwards. As there is something mentioned like redirect, do I have malware on my PC? Who can help me? The dump-file is attached. If someone finds other irregularites, please inform me as I am a starter with wireshark. rgds akelus -------------- next part -------------- A non-text attachment was scrubbed... Name: dump9.cap Type: application/octet-stream Size: 558539 bytes Desc: not available Url : http://www.wireshark.org/lists/wireshark-users/attachments/20070523/f412 2417/attachment.obj ------------------------------ _______________________________________________ Wireshark-users mailing list Wireshark-users@xxxxxxxxxxxxx http://www.wireshark.org/mailman/listinfo/wireshark-users End of Wireshark-users Digest, Vol 12, Issue 45 ***********************************************
- Follow-Ups:
- Re: [Wireshark-users] Monitoring VoIP Traffic
- From: Irakli Natshvlishvili
- Re: [Wireshark-users] Monitoring VoIP Traffic
- Prev by Date: [Wireshark-users] Sniffing AIM traffic
- Next by Date: Re: [Wireshark-users] Monitoring VoIP Traffic
- Previous by thread: [Wireshark-users] Sniffing AIM traffic
- Next by thread: Re: [Wireshark-users] Monitoring VoIP Traffic
- Index(es):