Wireshark-users: Re: [Wireshark-users] Monitoring VoIP Traffic

From: "Irakli Natshvlishvili" <iraklin@xxxxxxxxx>
Date: Wed, 23 May 2007 10:03:49 -0800
Well, you have not mentioned what type of VoIP network you are deploying - SIP/MGCP/H323/Skinny?

Secondly, 'vulnerability testing' requires definition depending on the network and infrastructure. What exactly are you going to test - how your firewalls pass/block VoIP traffic? How your application servers and endpoints react to malformed messages? Is it possible to do a man-in-the-middle attack or password sniffing/decrypting?


--i.n.

On 5/23/07, William Grayson <wgrayson@xxxxxxxxxx> wrote:
Dear Wireshark-

I am in the process of deploying a VoIP carrier network where I am
installing Juniper M7i routers in 10 cities.  What tools can I use out
there to monitor voip traffic and do some vulnerability testing?

I would like to pretend I am a DoS person out there attacking the
network.

wg

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of
wireshark-users-request@xxxxxxxxxxxxx
Sent: Wednesday, May 23, 2007 1:17 PM
To: wireshark-users@xxxxxxxxxxxxx
Subject: Wireshark-users Digest, Vol 12, Issue 45

Today's Topics:

   1. Sniffing AIM traffic (Mike W)
   2. Help needed on interpretation of dump (Wolfgang Heidrich)


----------------------------------------------------------------------

Message: 1
Date: Wed, 23 May 2007 11:22:52 -0400
From: "Mike W" <mike.wilhide@xxxxxxxxx>
Subject: [Wireshark-users] Sniffing AIM traffic
To: wireshark < wireshark-users@xxxxxxxxxxxxx>
Message-ID:
        <b3c95b150705230822i4d932122i864eaf17776044f6@xxxxxxxxxxxxxx >
Content-Type: text/plain; charset="iso-8859-1"

I've been playing around with Wireshark recently, attempting to get familiar with the app and with traffic analyzing. I wanted to see what would happen if I tried sniffing AIM traffic from one of the PCs on my LAN.

When AIM is connecting to the oscar server directly, I'll see no AIM traffic at all. I sign on/off (I see the HTTP traffic generated by this process, but nothing else), send messages, get buddy info, etc. but Wireshark isn't picking up any AIM packets. I have the filter set to only view traffic from the host running AIM. When I route AIM through my Squid proxy, I can see everything as HTTP requests. I've gone through all my settings, which I haven't changed since installation, and can't see anything wrong with them.

Is there something that I'm missing here? Am I looking at the wrong traffic? I've tried with no filters, as well as filtering by port and host.

At first I thought that my NIC wasn't dropping into promiscuous mode properly or something, but I can still see a lot of traffic from other hosts on my network. I also tried sniffing from my Windows machine using Wireshark, but with the same results.

Any help would be very appreciated.

Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.wireshark.org/lists/wireshark-users/attachments/20070523/aebbc887/attachment.htm

------------------------------

Message: 2
Date: Wed, 23 May 2007 16:54:31 +0200
From: "Wolfgang Heidrich" <Wolfgang.Heidrich@xxxxxxxxxxx >
Subject: [Wireshark-users] Help needed on interpretation of dump
To: <wireshark-users@xxxxxxxxxxxxx>
Message-ID:
        < BNEAICJDIBNIHPODBJMGEECDCNAA.Wolfgang.Heidrich@xxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"

Hello,
although I have disabled all which look like "windows is phoning home" I found an irritating entry in last night's dump - starting from line 426 onwards. As there is something mentioned like redirect, do I have malware on my PC? Who can help me? The dump-file is attached.
If someone finds other irregularities, please inform me as I am a starter with Wireshark.
rgds
akelus

-------------- next part --------------
A non-text attachment was scrubbed...
Name: dump9.cap
Type: application/octet-stream
Size: 558539 bytes
Desc: not available
Url : http://www.wireshark.org/lists/wireshark-users/attachments/20070523/f4122417/attachment.obj

------------------------------

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users


End of Wireshark-users Digest, Vol 12, Issue 45
***********************************************



--
I.N.