Esnifant converses VoIP

VoIPong és una aplicació que permet detectar trucades VoIP, soporta els protocols SIP, H323, Cisco’s Skinny Client Protocol, RTP i RTCP, i si les trucades estan codificades amb G711 permet capturar-les en fitxers WAV.

Aquí teniu un exemple, capturant una trucada feta amb l’SJPhone usant Asterisk:

# voipong -c /etc/voipong.conf -d 4 -f
EnderUNIX VOIPONG Voice Over IP Sniffer starting...
Release 1.2-DEVEL, running on cool [Linux 2.6.9-ac12 #1 Thu Dec 9 23:47:02 CET 2004 i686]
	
(c) Murat Balaban http://www.enderunix.org/
16/10/05 20:45:02: EnderUNIX VOIPONG Voice Over IP Sniffer starting...
16/10/05 20:45:02: Release 1.2-DEVEL running on cool [Linux 2.6.9-ac12 #1 Thu Dec 9 23:47:02 CET 2004 i686]. (c) Murat Balaban http://www.enderunix.org/ [pid: 8073]
16/10/05 20:45:02: Default matching algorithm: lfp
16/10/05 20:45:02: loadnet(192.168.1.0/255.255.255.0) method: lfp
16/10/05 20:45:02: loadnet(192.168.1.101/255.255.255.255) method: fixed 49164
16/10/05 20:45:02: loadnet(192.168.1.1/255.255.255.255) method: fixed 13078
16/10/05 20:45:02: ath0 has been opened in  promisc mode. (192.168.1.0/255.255.255.0)
16/10/05 20:45:02: [8074] VoIP call has been detected.
16/10/05 20:45:02: [8074] 192.168.1.1:13078 < --> 192.168.1.101:49164
16/10/05 20:45:02: [8074] Encoding: 0-PCMU-8KHz
16/10/05 20:45:34: [8074] maximum waiting time [10 secs] has been elapsed for this call, the call might have been ended.
16/10/05 20:45:34: .WAV file [output/20051016/session-enc0-PCMU-8KHz-192.168.1.1,13078-192.168.1.101,49164.wav] has been created successfully.
16/10/05 20:45:34: .WAV file [output/20051016/session-enc0-PCMU-8KHz-192.168.1.101,49164-192.168.1.1,13078.wav] has been created successfully.

Una altra aplicació interessant és Vomit, que convereix una captura en format pcap (tcpdump o ethereal) d’una trucada feta amb un telèfon IP Cisco (G711) en un fitxer WAV.