[Dshield] h323 sniffer

Roman Fomichev from at e-solutions.lv
Tue Mar 30 11:04:36 GMT 2004

Thanks a lot Johannes and Daniel for your replies!

I'll try vomit.

Great regards,
On Mon, 29 Mar 2004 11:22:53 -0500, Johannes B. Ullrich 
<jullrich at sans.org> wrote:

> Actually for most commercial VoIP solutions, you would like to have a
> SIP sniffer, not H.323.
> For sip I have good results with 'rtpscan'. 'vomit' is another popular
> decoder. Either will take a tcpdump file, or just listen directly and
> spit out a .wav file with your conversation.
> On Mon, 2004-03-29 at 03:18, Roman Fomichev wrote:
>> Hi, All!
>> I need to show my bosses, that VoIP in the wild is insecure and it can 
>> be
>> secure only running in VPN tunnel.
>> So I want to show them some kind of traffic sniffing. But for person who
>> is far from computing some lines in Ethereal means nothing.
>> So I want not only captupe h323 traffic, but to play it. So two persons
>> talk and the third one can HEAR those both.
>> Any suggestions for such tool?
>> Linux or Windows - does not matter ;)
>> Thanks in advance,
>> Roman.

Romāns Fomičevs

If you don't keep up with security fixes, your network won't be yours for 

More information about the list mailing list