Esnifant converses VoIP

VoIPong és una aplicació que permet detectar trucades VoIP, soporta els protocols SIP, H323, Cisco’s Skinny Client Protocol, RTP i RTCP, i si les trucades estan codificades amb G711 permet capturar-les en fitxers WAV.

Aquí teniu un exemple, capturant una trucada feta amb l’SJPhone usant Asterisk:

# voipong -c /etc/voipong.conf -d 4 -f
EnderUNIX VOIPONG Voice Over IP Sniffer starting...
Release 1.2-DEVEL, running on cool [Linux 2.6.9-ac12 #1 Thu Dec 9 23:47:02 CET 2004 i686]
	
(c) Murat Balaban http://www.enderunix.org/
16/10/05 20:45:02: EnderUNIX VOIPONG Voice Over IP Sniffer starting...
16/10/05 20:45:02: Release 1.2-DEVEL running on cool [Linux 2.6.9-ac12 #1 Thu Dec 9 23:47:02 CET 2004 i686]. (c) Murat Balaban http://www.enderunix.org/ [pid: 8073]
16/10/05 20:45:02: Default matching algorithm: lfp
16/10/05 20:45:02: loadnet(192.168.1.0/255.255.255.0) method: lfp
16/10/05 20:45:02: loadnet(192.168.1.101/255.255.255.255) method: fixed 49164
16/10/05 20:45:02: loadnet(192.168.1.1/255.255.255.255) method: fixed 13078
16/10/05 20:45:02: ath0 has been opened in  promisc mode. (192.168.1.0/255.255.255.0)
16/10/05 20:45:02: [8074] VoIP call has been detected.
16/10/05 20:45:02: [8074] 192.168.1.1:13078  192.168.1.101:49164
16/10/05 20:45:02: [8074] Encoding: 0-PCMU-8KHz
16/10/05 20:45:34: [8074] maximum waiting time [10 secs] has been elapsed for this call, the call might have been ended.
16/10/05 20:45:34: .WAV file [output/20051016/session-enc0-PCMU-8KHz-192.168.1.1,13078-192.168.1.101,49164.wav] has been created successfully.
16/10/05 20:45:34: .WAV file [output/20051016/session-enc0-PCMU-8KHz-192.168.1.101,49164-192.168.1.1,13078.wav] has been created successfully.

Una altra aplicació interessant és Vomit, que convereix una captura en format pcap (tcpdump o ethereal) d’una trucada feta amb un telèfon IP Cisco (G711) en un fitxer WAV.

This entry was posted in linux, security, voip. Bookmark the permalink.

One Response to Esnifant converses VoIP

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>