Wireshark-users: Re: [Wireshark-users] Sniffer for VoIP
From: "Nivaldo Júnior" <nivaldomjunior@xxxxxxxxx>
Date: Wed, 22 Oct 2008 16:04:48 -0300
Hi,

Ok thank you! I'm using rtpbreak and developed a Perl script to generate
the audios on demand. It's working.

2008/10/22 miguel olivares varela <klica_sk8@xxxxxxxxxxx>:
>
> You can use rtpbreak, it works really nice but it's only for Linux, I'm not
> sure that you can use tshark in order to generate all the audios.
>
>> From: wireshark-users-request@xxxxxxxxxxxxx
>> Subject: Wireshark-users Digest, Vol 29, Issue 34
>> To: wireshark-users@xxxxxxxxxxxxx
>> Date: Wed, 22 Oct 2008 05:37:31 -0700
>>
>> Send Wireshark-users mailing list submissions to
>> wireshark-users@xxxxxxxxxxxxx
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>> https://wireshark.org/mailman/listinfo/wireshark-users
>> or, via email, send a message with subject or body 'help' to
>> wireshark-users-request@xxxxxxxxxxxxx
>>
>> You can reach the person managing the list at
>> wireshark-users-owner@xxxxxxxxxxxxx
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of Wireshark-users digest..."
>>
>> Today's Topics:
>>
>> 1. Re: Sniffer for VoIP (j.snelders@xxxxxxxxxx)
>> 2. Re: Can Wireshark query the captured data? (j.snelders@xxxxxxxxxx)
>> 3. Re: Wireshark-users Digest, Vol 29, Issue 33 ( ??? )
>> 4. Leopard and AirPort, only my own packets (Marco De Vitis)
>> 5. Re: Leopard and AirPort, only my own packets (Guy Harris)
>> 6. Re: Leopard and AirPort, only my own packets (Marco De Vitis)
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Tue, 21 Oct 2008 21:09:48 +0200
>> From: j.snelders@xxxxxxxxxx
>> Subject: Re: [Wireshark-users] Sniffer for VoIP
>> To: wireshark-users@xxxxxxxxxxxxx
>> Message-ID: <481B206B00090D17@xxxxxxxxxxxxxxxxxxxxxxxxxx>
>> Content-Type: text/plain; charset="US-ASCII"
>>
>> Hi Nivaldo
>>
>> You can use Tshark, the command-line tool.
>> Or take a look at message d.d.
>> Date: Sun, 19 Oct 2008 10:09:46 +0200
>> Wireshark-users: Re: [Wireshark-users] Running Wireshark as windows
>> service
>>
>> Grtz
>> Joan
>>
>> On Tue, 21 Oct 2008 10:15:45 -0300 Nivaldo Júnior wrote:
>> > I need a sniffer for VoIP. I'm testing VoIPong but some calls are not
>> > detected. I tested with wireshark and all calls are detected and i can
>> > generate the waves, but i need a command line system to be running in
>> > background and generating all audios.
>> > I have some resources for this project, so if someone knows how to do
>> > that, please contact me as soon as possible.
>> > My MSN is junior@xxxxxxxxxxxxxx and my Skype is nivaldomjunior.
>>
>> ------------------------------
>>
>> Message: 2
>> Date: Tue, 21 Oct 2008 21:15:42 +0200
>> From: j.snelders@xxxxxxxxxx
>> Subject: Re: [Wireshark-users] Can Wireshark query the captured data?
>> To: wireshark-users@xxxxxxxxxxxxx
>> Message-ID: <481B206B00090D32@xxxxxxxxxxxxxxxxxxxxxxxxxx>
>> Content-Type: text/plain; charset="US-ASCII"
>>
>> Hi Abdu,
>>
>> You'll find a lot of useful information in the user guide:
>> http://www.wireshark.org/docs/wsug_html/
>>
>> In a nutshell...
>> Add a column to display the packet length (bytes)
>> Edit - Preferences - User interface - Columns
>> Select : New
>> Properties:
>> Title: change the title to Length
>> Format: select Packet length (bytes)
>> Apply - OK
>>
>> Use capture and/or display filters.
>> http://wiki.wireshark.org/CaptureFilters
>> http://wiki.wireshark.org/DisplayFilters
>>
>> You can use a capture filter to capture only http traffic
>> Capture - Option - Capture filter
>> select: Filter name: HTTP TCP port (80) Filter string: tcp port http
>>
>> You can use filters to capture traffic to/from specific host:
>> capture filter:
>> to/from: host 192.168.100.44
>> to: dst host 192.168.100.44
>> from: src host 192.168.100.44
>>
>> display filter:
>> to/from : ip.addr == 192.168.100.44
>> to : ip.dst == 192.168.100.44
>> from : ip.src == 192.168.100.44
>>
>> While capturing you for instance can look at:
>> Analyze - Expert Info Composite
>> Statistics - Conversations
>>
>> In the "Conversations Window" you can right-click on an
>> interesting conversation to apply a filter.
>>
>> Hope this helps
>> Joan
>>
>> On Tue, 21 Oct 2008 00:03:21 +0000 abdu bukres wrote:
>> > I have been using Wireshark in a simple usage looking at the data.
>> >
>> > Can Wireshark be used to query the data a bit like SQL, something like:
>> > List the top 10 ip addresses which caused the most number
>> > of hits or tcp traffic during the last 10 minutes?
>> >
>> > I don't know if Wireshark can capture number of bytes sent
>> > out in http responses, so can it list which ip addresses are causing
>> > a lot of outbound traffic?
>> >
>> > I would like to query the data captured by Wireshark and
>> > query it like a database.
>> >
>> > Simple examples can get me going fast.
>> >
>> > If Wireshark can't do it, any ideas for other sniffers?
>>
>> ------------------------------
>>
>> Message: 3
>> Date: Wed, 22 Oct 2008 08:59:32 +0800
>> From: " ??? " <cduter@xxxxxx>
>> Subject: Re: [Wireshark-users] Wireshark-users Digest, Vol 29, Issue
>> 33
>> To: wireshark-users@xxxxxxxxxxxxx
>> Message-ID: <20081022010543.5B79C476BB@xxxxxxxxxxxxxxxxxx>
>> Content-Type: text/plain; charset="gb2312"
>>
>> wireshark-users-request,???
>>
>> good idea!
>> The Wireshark can capture the data and store it in the
>> database, good, good. But I think that the Wireshark can do it right now, I am
>> writing a C program to analyze the pcap files, it can get the detail data
>> and store them in the databases, which make I can find the top IP :)
>>
>> ???
>> cduter@xxxxxx
>> 2008-10-22
>>
>> ======= 2008-10-22 03:00 12:00:05 ???????: Wireshark-users Digest, Vol 29,
>> Issue 33=======
>>
>> Today's Topics:
>>
>> 1. Re: Can Wireshark query the captured data? (Breno Jacinto)
>> 2. Sniffer for VoIP ( Nivaldo Júnior )
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Mon, 20 Oct 2008 21:30:36 -0300
>> From: "Breno Jacinto"
>> Subject: Re: [Wireshark-users] Can Wireshark query the captured data?
>> To: "Community support list for Wireshark"
>> Message-ID:
>> <2ced936d0810201730o6f4b3c68off637e5fc0338456@xxxxxxxxxxxxxx>
>> Content-Type: text/plain; charset=WINDOWS-1252
>>
>> Hello,
>>
>> I was just skimming through all the documentation available at
>> http://www.wireshark.org/bibliography.html, and I think the
>> video-article "Advanced I/O Graphing" may be of your interest. Take a
>> look at http://novellevents.novell.com/t/2261821/56771533/6387/0/
>>
>> best regards,
>>
>> 2008/10/20 abdu bukres :
>> >
>> > I have been using Wireshark in a simple usage looking at the data.
>> >
>> > Can Wireshark be used to query the data a bit like SQL, something like:
>> >
>> > List the top 10 ip addresses which caused the most number of hits or tcp
>> > traffic during the last 10 minutes?
>> >
>> > I don't know if Wireshark can capture number of bytes sent out in http
>> > responses, so can it list which ip addresses are causing a lot of
>> > outbound traffic?
>> >
>> > I would like to query the data captured by Wireshark and query it like a
>> > database.
>> >
>> > Simple examples can get me going fast.
>> >
>> > If Wireshark can't do it, any ideas for other sniffers?
>> >
>> > Thanks.
>> >
>> > Abdu
>> >
>> > _______________________________________________
>> > Wireshark-users mailing list
>> > Wireshark-users@xxxxxxxxxxxxx
>> > https://wireshark.org/mailman/listinfo/wireshark-users
>>
>> --
>> :: Breno Jacinto ::
>> :: breno - at - gprt.ufpe.br ::
>> :: FingerPrint ::
>> 2F15 8A61 F566 E442 8581
>> E3C0 EFF4 E202 74B7 7484
>> :: Persisting in what is difficult is the only way to make it easy someday. ::
>>
>> ------------------------------
>>
>> Message: 2
>> Date: Tue, 21 Oct 2008 10:15:45 -0300
>> From: " Nivaldo Júnior "
>> Subject: [Wireshark-users] Sniffer for VoIP
>> To: wireshark-users@xxxxxxxxxxxxx
>> Message-ID:
>> Content-Type: text/plain; charset=ISO-8859-1
>>
>> Hi all,
>>
>> I need a sniffer for VoIP. I'm testing VoIPong but some calls are not
>> detected. I tested with wireshark and all calls are detected and i can
>> generate the waves, but i need a command line system to be running in
>> background and generating all audios.
>> I have some resources for this project, so if someone knows how to do
>> that, please contact me as soon as possible.
>> My MSN is junior@xxxxxxxxxxxxxx and my Skype is nivaldomjunior.
>>
>> Regards,
>>
>> --
>> Nivaldo Júnior
>> nivaldomjunior@xxxxxxxxx
>>
>> ------------------------------
>>
>> End of Wireshark-users Digest, Vol 29, Issue 33
>> ***********************************************
>>
>> .
>>
>> = = = = = = = = = = = = = = = = = = = =
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL:
>> http://www.wireshark.org/lists/wireshark-users/attachments/20081022/201a2ad4/attachment.htm
>>
>> ------------------------------
>>
>> Message: 4
>> Date: Wed, 22 Oct 2008 00:52:36 +0200
>> From: Marco De Vitis <starless@xxxxxxx>
>> Subject: [Wireshark-users] Leopard and AirPort, only my own packets
>> To: wireshark-users@xxxxxxxxxxxxx
>> Message-ID: <gdlmfk$nht$1@xxxxxxxxxxxxx>
>> Content-Type: text/plain; charset=ISO-8859-15; format=flowed
>>
>> Hi,
>> I'm doing some tests on my own wifi network, which is protected using
>> WPA Personal.
>>
>> I have a Windows notebook and a MacBook running OSX 10.5.5. I want to
>> try running Wireshark on the MacBook for sniffing traffic happening from
>> the Win machine.
>>
>> I connect both machines to the network, then start Wireshark on the Mac
>> (the binary download for Intel machines on the official Wireshark web
>> site, installed as the docs recommend), start capturing in promiscuous
>> mode, and then try doing something on the Win machine, like browsing the
>> web or downloading mail, but this activity is not logged: I can only see
>> traffic from the MacBook itself.
>>
>> I've read related docs in the wiki a couple of times, and I'm a bit
>> confused now. As far as I understand, it should all work fine with my
>> setup. Am I wrong? Am I missing anything?
>>
>> Thanks.
>>
>> --
>> Ciao,
>> Marco.
>>
>> ------------------------------
>>
>> Message: 5
>> Date: Wed, 22 Oct 2008 01:54:21 -0700
>> From: Guy Harris <guy@xxxxxxxxxxxx>
>> Subject: Re: [Wireshark-users] Leopard and AirPort, only my own
>> packets
>> To: Community support list for Wireshark
>> <wireshark-users@xxxxxxxxxxxxx>
>> Message-ID: <E3F38D3F-57B3-4457-A9DA-029B25A9842D@xxxxxxxxxxxx>
>> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
>>
>> On Oct 21, 2008, at 3:52 PM, Marco De Vitis wrote:
>>
>> > I'm doing some tests on my own wifi network, which is protected using
>> > WPA Personal.
>> >
>> > I have a Windows notebook and a MacBook running OSX 10.5.5. I want to
>> > try running Wireshark on the MacBook for sniffing traffic happening
>> > from the Win machine.
>>
>> It might be that the AirPort adapter on your MacBook will only capture
>> traffic from other machines on your network when in monitor mode (on
>> Leopard, to go into monitor mode you currently have to select a
>> "link-layer header type" other than Ethernet), even in promiscuous mode.
>> I think some (perhaps all) wireless adapters will not actually work
>> promiscuously on protected networks as they can't decrypt traffic to
>> or from other machines; they'll capture the traffic in monitor mode,
>> but, in order to see that traffic decrypted, you'll need to provide
>> the password for the network *and* capture the initial setup:
>>
>> http://wiki.wireshark.org/HowToDecrypt802.11
>>
>> ------------------------------
>>
>> Message: 6
>> Date: Wed, 22 Oct 2008 14:37:15 +0200
>> From: Marco De Vitis <starless@xxxxxxx>
>> Subject: Re: [Wireshark-users] Leopard and AirPort, only my own
>> packets
>> To: wireshark-users@xxxxxxxxxxxxx
>> Message-ID: <gdn6pr$sng$1@xxxxxxxxxxxxx>
>> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>>
>> On 22-10-2008 10:54, Guy Harris wrote:
>>
>> > Leopard, to go into monitor mode you currently have to select a
>> > "link-layer header type" other than Ethernet), even in promiscuous mode. I
>>
>> Indeed, I tried the other two link-layer header types available, "IEEE
>> 802.11 Wireless LAN" and "IEEE 802.11 plus AVS WLAN header", but I
>> couldn't interpret the results: it appeared that some data packets were
>> captured, but they seemed to be encrypted or something.
>>
>> > or from other machines; they'll capture the traffic in monitor mode,
>> > but, in order to see that traffic decrypted, you'll need to provide
>> > the password for the network *and* capture the initial setup:
>> >
>> > http://wiki.wireshark.org/HowToDecrypt802.11
>>
>> Ah, thanks, I missed this. I actually wondered if the captured traffic
>> was encrypted or not (see above), but didn't see mentions of this aspect
>> in the wiki (http://wiki.wireshark.org/CaptureSetup/WLAN).
>> I'll try when I get back home.
>>
>> --
>> Ciao,
>> Marco.
>>
>> ------------------------------
>>
>> End of Wireshark-users Digest, Vol 29, Issue 34
>> ***********************************************
>

--
Nivaldo Júnior
nivaldomjunior@xxxxxxxxx
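
Abdu's question quoted in the digest above (the top 10 IP addresses by hits or traffic during the last 10 minutes) can be answered by aggregating tshark's field output. This is an added example, not part of the original thread; the file name `capture.pcap`, the function `top_talkers` and the sample rows are assumptions constructed for illustration.

```python
from collections import Counter

# Command that produces the input (capture.pcap is a placeholder name):
#   tshark -r capture.pcap -T fields -e frame.time_epoch -e ip.src -e frame.len
# Fields are tab-separated; repeated occurrences of one field are comma-joined.

def top_talkers(lines, window_s=600, n=10):
    """Rank source IPs by bytes and packet count over the last window_s seconds."""
    rows = []
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) != 3 or not parts[1]:
            continue  # non-IP frame (ARP, STP, ...): the ip.src column is empty
        try:
            ts, length = float(parts[0]), int(parts[2])
        except ValueError:
            continue  # truncated or malformed row
        # ICMP errors embed the offending IP header, so ip.src can appear
        # twice ("outer,inner"); the first occurrence is the real sender.
        src = parts[1].split(",")[0]
        rows.append((ts, src, length))
    if not rows:
        return []
    cutoff = max(r[0] for r in rows) - window_s  # last 10 minutes of the capture
    pkts, octets = Counter(), Counter()
    for ts, src, length in rows:
        if ts >= cutoff:
            pkts[src] += 1
            octets[src] += length
    ranked = sorted(octets, key=lambda ip: (-octets[ip], ip))[:n]
    return [(ip, pkts[ip], octets[ip]) for ip in ranked]

# Constructed sample rows (not from a real capture).
SAMPLE = [
    "1224590000.0\t192.168.100.44\t1500",   # older than the window: ignored
    "1224590700.0\t192.168.100.44\t1514",
    "1224590701.5\t192.168.100.7\t60",
    "1224590702.0\t\t42",                    # ARP: no ip.src
    "1224590703.0\t192.168.100.1,192.168.100.7\t70",  # ICMP error
    "1224590900.0\t192.168.100.7\t1514",
    "1224591000.0\t192.168.100.44\t590",
]

if __name__ == "__main__":
    for ip, count, total in top_talkers(SAMPLE):
        print(f"{ip:<16} {count:>6} pkts {total:>9} bytes")
```

Swapping `ip.src` for `ip.dst` in the tshark command ranks receivers instead of senders.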