[Dshield] h323 sniffer

Johannes B. Ullrich jullrich at sans.org
Mon Mar 29 16:22:53 GMT 2004


Actually for most commercial VoIP solutions, you would like to have a
SIP sniffer, not H.323.

For sip I have good results with 'rtpscan'. 'vomit' is another popular
decoder. Either will take a tcpdump file, or just listen directly and
spit out a .wav file with your conversation.


On Mon, 2004-03-29 at 03:18, Roman Fomichev wrote:
> Hi, All!
> 
> I need to show my bosses, that VoIP in the wild is insecure and it can be 
> secure only running in VPN tunnel.
> So I want to show them some kind of traffic sniffing. But for person who 
> is far from computing some lines in Ethereal means nothing.
> So I want not only captupe h323 traffic, but to play it. So two persons 
> talk and the third one can HEAR those both.
> Any suggestions for such tool?
> Linux or Windows - does not matter ;)
> 
> Thanks in advance,
> Roman.
-- 
CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 837 2807                          jullrich at sans.org 

contact details: http://johannes.homepc.org/contact.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20040329/4615a3d0/attachment.bin


More information about the list mailing list