Ethereal-users: Re: [Ethereal-users] Sniffing Just VOIP traffic

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Tue, 7 Mar 2006 00:34:16 +0100
On 3/7/06, Patrick T. McAlister <patrick@xxxxxxxxxxxxx> wrote:
> Can someone tell me how I would configure Ethereal to sniff VOIP traffic
> only on a network?


Depends on what you mean by VOIP traffic.

Signalling only or Signalling and Media?

In regard to signalling, which (set of) protocol(s)?
   - SIP?
   - H323?
   - BICC?
   - MGCP?
   - other?

If you are to capture media you need to capture all UDP traffic as
there's no way to know beforehand which udp.port RTP is going to use.

If you need to *display* voip signalling only the filter
    sip || h225 || h245 || q931 || mgcp || bicc
should be enough.

In order to filter in capture you need to know which ports these
protocols are using and set your capture filter accordingly.

--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
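
Added example (not part of the original message): why the RTP port is unknown until signalling has been seen. For SIP, the media address and port are carried in the SDP body, so this sketch parses a constructed INVITE and derives a libpcap capture filter from it. The sample message, the function names, and the assumption that RTCP uses the RTP port plus one are illustrative.

```python
import re

# Constructed sample: SIP INVITE with an SDP offer (RFC 5737 documentation addresses).
SAMPLE_INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bKexample\r\n"
    "Call-ID: constructed-example@192.0.2.10\r\n"
    "CSeq: 1 INVITE\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 192.0.2.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0 8\r\n"
    "a=rtpmap:0 PCMU/8000\r\n"
    "m=video 0 RTP/AVP 34\r\n"
    "m=video 51372 RTP/AVP 31\r\n"
    "c=IN IP4 192.0.2.20\r\n"
)

# m=<media> <port>[/<count>] <proto> <formats...>
M_LINE = re.compile(r"^m=(\w+) (\d+)(?:/\d+)? (\S+)")

def media_endpoints(sip_message):
    """Return [(media, address, port)] for each active RTP stream in the SDP body."""
    _, _, body = sip_message.partition("\r\n\r\n")
    session_addr, streams = None, []
    for line in body.splitlines():
        if line.startswith("c="):
            addr = line.split()[-1]            # c=IN IP4 <address>
            if streams:
                streams[-1]["addr"] = addr     # media-level c= overrides session-level
            else:
                session_addr = addr
        elif (m := M_LINE.match(line)):
            streams.append({"media": m[1], "addr": session_addr,
                            "port": int(m[2]), "proto": m[3]})
    # Port 0 marks a declined stream; only RTP-based transports are kept.
    return [(s["media"], s["addr"], s["port"]) for s in streams
            if s["port"] and s["proto"].startswith("RTP/")]

def rtp_capture_filter(endpoints):
    """Build a libpcap filter; assumes RTCP on RTP port + 1 (the usual convention)."""
    return " or ".join(f"(host {addr} and udp portrange {port}-{port + 1})"
                       for _, addr, port in endpoints)
```

The offer only names where the caller will receive media; the answering side's ports arrive in its own SDP, which is why a capture started before the call has to take all UDP.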