Wireshark-users: Re: [Wireshark-users] Monitoring VoIP Traffic
From: "Irakli Natshvlishvili" <iraklin@xxxxxxxxx>
Date: Wed, 23 May 2007 10:03:49 -0800
Well, you have not mentioned what type of VoIP network you are deploying - SIP/MGCP/H323/Skinny?
Secondly, 'vulnerability testing' requires definition depending on the network and infrastructure. What exactly are you going to test - how your firewalls pass/block VoIP traffic? How your application servers and endpoints react to malformed messages? Is it possible to do a man-in-the-middle attack or password sniffing/decrypting?
--i.n.
--
I.N.
On 5/23/07, William Grayson <wgrayson@xxxxxxxxxx> wrote:
Dear Wireshark-
I am in the process of deploying a VoIP carrier network where I am
installing Juniper M7i routers in 10 cities. What tools can I use out
there to monitor voip traffic and do some vulnerability testing?
I would like to pretend I am a DoS person out there attacking the
network.
wg
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of
wireshark-users-request@xxxxxxxxxxxxx
Sent: Wednesday, May 23, 2007 1:17 PM
To: wireshark-users@xxxxxxxxxxxxx
Subject: Wireshark-users Digest, Vol 12, Issue 45
Today's Topics:
1. Sniffing AIM traffic (Mike W)
2. Help needed on interpretation of dump (Wolfgang Heidrich)
----------------------------------------------------------------------
Message: 1
Date: Wed, 23 May 2007 11:22:52 -0400
From: "Mike W" <mike.wilhide@xxxxxxxxx>
Subject: [Wireshark-users] Sniffing AIM traffic
To: wireshark < wireshark-users@xxxxxxxxxxxxx>
Message-ID:
<b3c95b150705230822i4d932122i864eaf17776044f6@xxxxxxxxxxxxxx >
Content-Type: text/plain; charset="iso-8859-1"
I've been playing around with Wireshark recently, attempting to get familiar with the app and with traffic analyzing. I wanted to see what would happen if I tried sniffing AIM traffic from one of the PCs on my LAN.
When AIM is connecting to the oscar server directly, I'll see no AIM traffic at all. I sign on/off (I see the HTTP traffic generated by this process, but nothing else), send messages, get buddy info, etc. but Wireshark isn't picking up any AIM packets. I have the filter set to only view traffic from the host running AIM. When I route AIM through my Squid proxy, I can see everything as HTTP requests. I've gone through all my settings, which I haven't changed since installation, and can't see anything wrong with them.
Is there something that I'm missing here? Am I looking at the wrong traffic? I've tried with no filters, as well as filtering by port and host.
At first I thought that my NIC wasn't dropping into promiscuous mode properly or something, but I can still see a lot of traffic from other hosts on my network. I also tried sniffing from my windows machine using Wireshark, but with the same results.
Any help would be very appreciated.
Thank you.
------------------------------
Message: 2
Date: Wed, 23 May 2007 16:54:31 +0200
From: "Wolfgang Heidrich" <Wolfgang.Heidrich@xxxxxxxxxxx >
Subject: [Wireshark-users] Help needed on interpretation of dump
To: <wireshark-users@xxxxxxxxxxxxx>
Message-ID:
< BNEAICJDIBNIHPODBJMGEECDCNAA.Wolfgang.Heidrich@xxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"
Hello,
although I have disabled all which look like "windows is phoning home" I found an irritating entry in last night's dump - starting from line 426 onwards. As there is something mentioned like redirect, do I have malware on my PC? Who can help me? The dump-file is attached.
If someone finds other irregularities, please inform me as I am a starter with wireshark.
rgds
akelus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dump9.cap
Type: application/octet-stream
Size: 558539 bytes
Desc: not available
Url: http://www.wireshark.org/lists/wireshark-users/attachments/20070523/f4122417/attachment.obj
------------------------------
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
End of Wireshark-users Digest, Vol 12, Issue 45
***********************************************