Results 1 to 7 of 7

Thread: VoIP sniffing

  1. #1
    Just burned his ISO
    Join Date
    Apr 2008
    Posts
    13

    Default VoIP sniffing

    I ran a few tests the other day to see if I can capture any "VoIP" packets with Wireshark. So I started a conversation between 2 PCs using windows messenger and sniffed the packets running through one of them, later sorted them by the packet type, I found many MSNP ones, but I was unable to find any VoIP packets (even though I started a voice conversation between the PCs, wasn't able to talk though because I had no microphone). So I downloaded Skype and did the same thing, but still no "VoIP" packets. When I sorted them, there were a hell lot of UDP ones (more than 50%) another 25% TCP and some other, but no VoIP (I was running other applications at that time though).

    This isn't exactly a problem of any kind, just out of curiosity, why isn't wireshark showing any VoIP packets? Shouldn't there be some?

  2. #2
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Default

    I would think that the reason that you find no VOIP traffic is that neither Skype nor MSN operate using the standard VOIP client-server model but rather a peer-to-peer setup. Therefore I do not think that the VOIP protocol is actually implemented even though you have sound beeing transmitted.
    -Monkeys are like nature's humans.

  3. #3
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by =Tron= View Post
    I would think that the reason that you find no VOIP traffic is that neither Skype nor MSN operate using the standard VOIP client-server model but rather a peer-to-peer setup. Therefore I do not think that the VOIP protocol is actually implemented even though you have sound beeing transmitted.
    Thank you.



    MSNP (MicroSoft Network Protocol) is a client server model for communication
    SKYPE Is a peer to peer model for communication
    VOIP (Voice Over Internet Protocol)


    To sum this up nice a neat like, the msnp and skype protocols allow the transmission of voice and nothing else.
    Where as Voip can carry voice and "regular" data on the same line at the same time using the same protocol.
    In addition with voip can interact with switched networks PBX's, PSTN's and POTS'.
    Now the others can do similar functions, however they do not use the voip protocol do do this.
    Fo further reading on the various types of IM' protocols see here:

    I will also mention that the above is only a brief synopsis of the protocols but it should get you going in the right direction.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  4. #4
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    I'm fairly certain you can filter out all UDP traffic if you're looking for VoIP, as you generally need TCP packets for Voice communication.

    Otherwise the conversation is going to be rather garbled.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  5. #5
    Just burned his ISO
    Join Date
    Apr 2008
    Posts
    13

    Default

    Forgot to add one more thing (that made it somewhat more confusing): When sniffing with Cain, it actually registers (and records) the conversation in it's VoIP tab (together with more info like when it started and stopped). So I suppose the creators chose to list any voice conversation in that tab, even though they're not inherently VoIP-based?

  6. #6
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by Booklet View Post
    Forgot to add one more thing (that made it somewhat more confusing): When sniffing with Cain, it actually registers (and records) the conversation in it's VoIP tab (together with more info like when it started and stopped). So I suppose the creators chose to list any voice conversation in that tab, even though they're not inherently VoIP-based?
    Actually I forgot to add some more info as well so:

    While skype and VOIP both allow a user to talk to another user the way that go about it is similar however there are differences that make them what they are. Skype and Vonage are similar in that they're both VoIP services. However in this connotation VOIP means allowing two endpoint to communicate. These end points are part of the differences.
    There is the matter of installation requirements. With skype it is basically download and go. Where as with voip one most likely will need some sort of adapter/s in order to get it to work. Not to mention that skype does not allow for 911 dialing (emergency services in the U.S.)
    There are also some differences in usage as well, with skype to dial a POTS line one must use the + sign whereas with voip one just dials the number.
    Then there is a huge difference when one adds in QoS quality of service.
    Skype is totally dependent on the internet for most services whereas voip is not so strict. This will show through in the fact that vonage costs more and skype can be free if you only call skype to skype.

    Besides their obvious hardware and software differences, Skype and Vonage are fairly different behind the scenes. Skype uses a peer-to-peer network, much like KaZaA, and a proprietary protocol. In fact, KaZaA's developers also developed Skype. Skype also uses 256-bit Advanced Encryption Standard (AES) encryption on call data. Vonage, on the other hand, does not use peer-to-peer technology, and it uses Session Initiation Protocol (SIP) to handle the calls' data. Vonage does not appear to use encryption on call data.

    Hit me up for more info
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  7. #7
    Just burned his ISO
    Join Date
    Feb 2008
    Posts
    2

    Default

    Quote Originally Posted by streaker69 View Post
    I'm fairly certain you can filter out all UDP traffic if you're looking for VoIP, as you generally need TCP packets for Voice communication.

    Otherwise the conversation is going to be rather garbled.

    All of our hardware VOIP devices(Cisco 7905/7912/etc, Linksys 922s) use UDP. We have very basic priorities set up for UDP so they get better service.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •