Wireshark-users: Re: [Wireshark-users] Sniffer for VoIP
From: miguel olivares varela <klica_sk8@xxxxxxxxxxx>
Date: Wed, 22 Oct 2008 07:18:13 -0700
You can use rtpbreak, it works really nicely, but it's only for Linux. I'm not sure that you can use tshark in order to generate all the audios.

> From: wireshark-users-request@xxxxxxxxxxxxx
> Subject: Wireshark-users Digest, Vol 29, Issue 34
> To: wireshark-users@xxxxxxxxxxxxx
> Date: Wed, 22 Oct 2008 05:37:31 -0700
>
> Send Wireshark-users mailing list submissions to
> wireshark-users@xxxxxxxxxxxxx
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://wireshark.org/mailman/listinfo/wireshark-users
> or, via email, send a message with subject or body 'help' to
> wireshark-users-request@xxxxxxxxxxxxx
>
> You can reach the person managing the list at
> wireshark-users-owner@xxxxxxxxxxxxx
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Wireshark-users digest..."
>
>
> Today's Topics:
>
> 1. Re: Sniffer for VoIP (j.snelders@xxxxxxxxxx)
> 2. Re: Can Wireshark query the captured data? (j.snelders@xxxxxxxxxx)
> 3. Re: Wireshark-users Digest, Vol 29, Issue 33 ( ??? )
> 4. Leopard and AirPort, only my own packets (Marco De Vitis)
> 5. Re: Leopard and AirPort, only my own packets (Guy Harris)
> 6. Re: Leopard and AirPort, only my own packets (Marco De Vitis)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 21 Oct 2008 21:09:48 +0200
> From: j.snelders@xxxxxxxxxx
> Subject: Re: [Wireshark-users] Sniffer for VoIP
> To: wireshark-users@xxxxxxxxxxxxx
> Message-ID: <481B206B00090D17@xxxxxxxxxxxxxxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="US-ASCII"
>
> Hi Nivaldo
>
> You can use Tshark, the command-line tool.
> Or take a look at the message dated Sun, 19 Oct 2008 10:09:46 +0200:
> Wireshark-users: Re: [Wireshark-users] Running Wireshark as windows service
>
>
> Grtz
> Joan
>
> On Tue, 21 Oct 2008 10:15:45 -0300 Nivaldo Júnior wrote:
> > I need a sniffer for VoIP. I'm testing VoIPong but some calls are not
> > detected.
> > I tested with wireshark and all calls are detected and I can
> > generate the waves, but I need a command line system to be running in
> > background and generating all audios.
> > I have some resources for this project, so if someone knows how to do
> > that, please contact me as soon as possible.
> > My MSN is junior@xxxxxxxxxxxxxx and my Skype is nivaldomjunior.
>
> ------------------------------
>
> Message: 2
> Date: Tue, 21 Oct 2008 21:15:42 +0200
> From: j.snelders@xxxxxxxxxx
> Subject: Re: [Wireshark-users] Can Wireshark query the captured data?
> To: wireshark-users@xxxxxxxxxxxxx
> Message-ID: <481B206B00090D32@xxxxxxxxxxxxxxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="US-ASCII"
>
> Hi Abdu,
>
> You'll find a lot of useful information in the user guide:
> http://www.wireshark.org/docs/wsug_html/
>
> In a nutshell...
> Add a column to display the packet length (bytes)
> Edit - Preferences - User interface - Columns
> Select: New
> Properties:
> Title: change the title to Length
> Format: select Packet length (bytes)
> Apply - OK
>
>
> Use capture and/or display filters.
> http://wiki.wireshark.org/CaptureFilters
> http://wiki.wireshark.org/DisplayFilters
>
> You can use a capture filter to capture only http traffic
> Capture - Option - Capture filter
> select: Filter name: HTTP TCP port (80) Filter string: tcp port http
>
> You can use filters to capture traffic to/from specific host:
> capture filter:
> to/from: host 192.168.100.44
> to: dst host 192.168.100.44
> from: src host 192.168.100.44
>
> display filter:
> to/from : ip.addr == 192.168.100.44
> to : ip.dst == 192.168.100.44
> from : ip.src == 192.168.100.44
>
>
> While capturing you for instance can look at:
> Analyze - Expert Info Composite
> Statistics - Conversations
>
> In the "Conversations Window" you can right-click on an
> interesting conversation to apply a filter.
>
> Hope this helps
> Joan
>
>
> On Tue, 21 Oct 2008 00:03:21 +0000 abdu bukres wrote:
> > I have been using Wireshark in a simple usage looking at the data.
> >
> > Can Wireshark be used to query the data a bit like SQL, something like:
> > List the top 10 ip addresses which caused the most number
> > of hits or tcp traffic during the last 10 minutes?
> >
> > I don't know if Wireshark can capture number of bytes sent
> > out in http responses, so can it list which ip addresses are causing
> > a lot of outbound traffic?
> >
> > I would like to query the data captured by Wireshark and
> > query it like a database.
> >
> > Simple examples can get me going fast.
> >
> > If Wireshark can't do it, any ideas for other sniffers?
>
> ------------------------------
>
> Message: 3
> Date: Wed, 22 Oct 2008 08:59:32 +0800
> From: " ??? " <cduter@xxxxxx>
> Subject: Re: [Wireshark-users] Wireshark-users Digest, Vol 29, Issue 33
> To: wireshark-users@xxxxxxxxxxxxx
> Message-ID: <20081022010543.5B79C476BB@xxxxxxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="gb2312"
>
> wireshark-users-request,???
>
> Good idea! The Wireshark can capture the data and store it in the database, good, good. But I think that the Wireshark can do it right now. I am writing a C program to analyze the pcap files; it can get the detail data and store them in the databases, which means I can find the top IP :)
>
> ???
> cduter@xxxxxx
> 2008-10-22
>
> ======= 2008-10-22 03:00 12:00:05 ???????: Wireshark-users Digest, Vol 29, Issue 33=======
>
> Today's Topics:
>
> 1. Re: Can Wireshark query the captured data? (Breno Jacinto)
> 2. Sniffer for VoIP (Nivaldo Júnior)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 20 Oct 2008 21:30:36 -0300
> From: "Breno Jacinto"
> Subject: Re: [Wireshark-users] Can Wireshark query the captured data?
> To: "Community support list for Wireshark"
> Message-ID:
> <2ced936d0810201730o6f4b3c68off637e5fc0338456@xxxxxxxxxxxxxx>
> Content-Type: text/plain; charset=WINDOWS-1252
>
> Hello,
>
> I was just skimming through all the documentation available at
> http://www.wireshark.org/bibliography.html, and I think the
> video-article "Advanced I/O Graphing" may be of interest to you. Take a
> look at http://novellevents.novell.com/t/2261821/56771533/6387/0/
>
> best regards,
>
> 2008/10/20 abdu bukres :
> >
> > I have been using Wireshark in a simple usage looking at the data.
> >
> > Can Wireshark be used to query the data a bit like SQL, something like:
> >
> > List the top 10 ip addresses which caused the most number of hits or tcp
> > traffic during the last 10 minutes?
> >
> > I don't know if Wireshark can capture number of bytes sent out in http
> > responses, so can it list which ip addresses are causing a lot of outbound
> > traffic?
> >
> > I would like to query the data captured by Wireshark and query it like a
> > database.
> >
> > Simple examples can get me going fast.
> >
> > If Wireshark can't do it, any ideas for other sniffers?
> >
> > Thanks.
> >
> > Abdu
> >
> > _______________________________________________
> > Wireshark-users mailing list
> > Wireshark-users@xxxxxxxxxxxxx
> > https://wireshark.org/mailman/listinfo/wireshark-users
>
> --
> :: Breno Jacinto ::
> :: breno - at - gprt.ufpe.br ::
> :: FingerPrint ::
> 2F15 8A61 F566 E442 8581
> E3C0 EFF4 E202 74B7 7484
> :: Persisting with what is difficult is the only way to make it easy some day. ::
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 21 Oct 2008 10:15:45 -0300
> From: "Nivaldo Júnior"
> Subject: [Wireshark-users] Sniffer for VoIP
> To: wireshark-users@xxxxxxxxxxxxx
> Message-ID:
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hi all,
>
> I need a sniffer for VoIP. I'm testing VoIPong but some calls are not
> detected. I tested with wireshark and all calls are detected and I can
> generate the waves, but I need a command line system to be running in
> background and generating all audios.
> I have some resources for this project, so if someone knows how to do
> that, please contact me as soon as possible.
> My MSN is junior@xxxxxxxxxxxxxx and my Skype is nivaldomjunior.
>
> Regards,
>
> --
> Nivaldo Júnior
> nivaldomjunior@xxxxxxxxx
>
>
> ------------------------------
>
> End of Wireshark-users Digest, Vol 29, Issue 33
> ***********************************************
>
> .
>
> ------------------------------
>
> Message: 4
> Date: Wed, 22 Oct 2008 00:52:36 +0200
> From: Marco De Vitis <starless@xxxxxxx>
> Subject: [Wireshark-users] Leopard and AirPort, only my own packets
> To: wireshark-users@xxxxxxxxxxxxx
> Message-ID: <gdlmfk$nht$1@xxxxxxxxxxxxx>
> Content-Type: text/plain; charset=ISO-8859-15; format=flowed
>
> Hi,
> I'm doing some tests on my own wifi network, which is protected using
> WPA Personal.
>
> I have a Windows notebook and a MacBook running OSX 10.5.5. I want to
> try running Wireshark on the MacBook for sniffing traffic happening from
> the Win machine.
>
> I connect both machines to the network, then start Wireshark on the Mac
> (the binary download for Intel machines on the official Wireshark web
> site, installed as the docs recommend), start capturing in promiscuous
> mode, and then try doing something on the Win machine, like browsing the
> web or downloading mail, but this activity is not logged: I can only see
> traffic from the MacBook itself.
>
> I've read related docs in the wiki a couple of times, and I'm a bit
> confused now. As far as I understand, it should all work fine with my
> setup. Am I wrong? Am I missing anything?
>
> Thanks.
>
> --
> Ciao,
> Marco.
>
> ------------------------------
>
> Message: 5
> Date: Wed, 22 Oct 2008 01:54:21 -0700
> From: Guy Harris <guy@xxxxxxxxxxxx>
> Subject: Re: [Wireshark-users] Leopard and AirPort, only my own packets
> To: Community support list for Wireshark
> <wireshark-users@xxxxxxxxxxxxx>
> Message-ID: <E3F38D3F-57B3-4457-A9DA-029B25A9842D@xxxxxxxxxxxx>
> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
>
>
> On Oct 21, 2008, at 3:52 PM, Marco De Vitis wrote:
>
> > I'm doing some tests on my own wifi network, which is protected using
> > WPA Personal.
> >
> > I have a Windows notebook and a MacBook running OSX 10.5.5. I want to
> > try running Wireshark on the MacBook for sniffing traffic happening from
> > the Win machine.
>
> It might be that the AirPort adapter on your MacBook will only capture
> traffic from other machines on your network when in monitor mode (on
> Leopard, to go into monitor mode you currently have to select a
> "link-layer header type" other than Ethernet), even in promiscuous mode. I
> think some (perhaps all) wireless adapters will not actually work
> promiscuously on protected networks as they can't decrypt traffic to
> or from other machines; they'll capture the traffic in monitor mode,
> but, in order to see that traffic decrypted, you'll need to provide
> the password for the network *and* capture the initial setup:
>
> http://wiki.wireshark.org/HowToDecrypt802.11
>
>
> ------------------------------
>
> Message: 6
> Date: Wed, 22 Oct 2008 14:37:15 +0200
> From: Marco De Vitis <starless@xxxxxxx>
> Subject: Re: [Wireshark-users] Leopard and AirPort, only my own packets
> To: wireshark-users@xxxxxxxxxxxxx
> Message-ID: <gdn6pr$sng$1@xxxxxxxxxxxxx>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> On 22-10-2008 10:54, Guy Harris wrote:
>
> > Leopard, to go into monitor mode you currently have to select a "link-
> > layer header type" other than Ethernet), even in promiscuous mode. I
>
> Indeed, I tried the other two link-layer header types available, "IEEE
> 802.11 Wireless LAN" and "IEEE 802.11 plus AVS WLAN header", but I
> couldn't interpret the results: it appeared that some data packets were
> captured, but they seemed to be encrypted or something.
>
> > or from other machines; they'll capture the traffic in monitor mode,
> > but, in order to see that traffic decrypted, you'll need to provide
> > the password for the network *and* capture the initial setup:
> >
> > http://wiki.wireshark.org/HowToDecrypt802.11
>
> Ah, thanks, I missed this. I actually wondered if the captured traffic
> was encrypted or not (see above), but didn't see mentions of this aspect
> in the wiki (http://wiki.wireshark.org/CaptureSetup/WLAN).
> I'll try when I get back home.
>
> --
> Ciao,
> Marco.
>
>
> ------------------------------
>
> End of Wireshark-users Digest, Vol 29, Issue 34
> ***********************************************
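
The question quoted in the digest above (the top source addresses by traffic during the last 10 minutes of a capture) can be answered offline by reading the capture file directly. The following is an added example, not part of the original message and not Wireshark code: it assumes a classic pcap file with Ethernet framing and IPv4, measures the window back from the last packet's timestamp, and runs on a constructed sample capture (192.168.100.45 and 10.0.0.1 are made-up addresses; the function names are hypothetical).

```python
import collections
import socket
import struct

def read_ipv4_packets(pcap):
    """Yield (timestamp, source IP, wire length) per IPv4 packet in a classic pcap file."""
    magic = pcap[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    offset = 24  # size of the pcap global header
    while offset + 16 <= len(pcap):
        ts, _usec, caplen, wirelen = struct.unpack(endian + "IIII", pcap[offset:offset + 16])
        frame = pcap[offset + 16:offset + 16 + caplen]
        offset += 16 + caplen
        # 14-byte Ethernet header + 20-byte minimum IPv4 header; EtherType 0x0800 is IPv4.
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            yield ts, socket.inet_ntoa(frame[26:30]), wirelen

def top_talkers(pcap, n=10, window=None):
    """Top n sources by bytes sent, optionally only in the last `window` seconds of the capture."""
    packets = list(read_ipv4_packets(pcap))
    if window is not None and packets:
        cutoff = max(ts for ts, _, _ in packets) - window
        packets = [p for p in packets if p[0] >= cutoff]
    sent = collections.Counter()
    for _ts, src, wirelen in packets:
        sent[src] += wirelen  # on-the-wire size, even if the snapshot length cut the frame
    return sent.most_common(n)

def build_sample_pcap():
    """Constructed capture for the demo: (timestamp, source, destination, payload bytes)."""
    rows = [(0, "192.168.100.44", "10.0.0.1", 1000), (700, "192.168.100.44", "10.0.0.1", 100),
            (900, "192.168.100.45", "10.0.0.1", 500), (1000, "192.168.100.45", "10.0.0.1", 200),
            (1000, "10.0.0.1", "192.168.100.44", 50)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, src, dst, size in rows:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + size, 0, 0, 64, 17, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + b"\x00" * size
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for address, sent_bytes in top_talkers(build_sample_pcap(), n=10, window=600):
        print(address, sent_bytes)
```

Captures in pcapng format, with VLAN tags, or with a non-Ethernet link type (such as the 802.11 header types discussed in the digest) are outside what this sketch parses.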