Hello,
After configuring for the Linux version of voipong and correctly creating several configuration files (namely voipong.conf and voipongnets) voipong runs and detects VoIP calls. However, when it tries to write out a wave file the program crashes... I believe I have traced it back to the fact that the program calls both sox and soxmix to write out the audio file. In recent versions of sox, soxmix has been deprecated and is incorporated into sox. In BT4 I have noticed that standalone soxmix does not exist, but voipong is not configured to use the new all-built-into-sox method.
I am not 100% sure that this is what's going on, but I have fairly good reason to believe it is...
Anyone else having issues and/or able to verify this?
Could you please pastebin the voipong.conf file, and re-run the command you used but add the following
#voipong -d4 -f XXXX
-d4 for verbosity, -f to stay at the terminal, XXXX your other flags, options etc.
Then maybe we can help out.
To be successful here you should read all of the following.
ForumRules
ForumFAQ
If you are new to Back|Track
Back|Track Wiki
Failure to do so will probably get your threads deleted or worse.
Here is voipong.conf
http://pastebin.com/embed_js.php?i=r8SHkinf
voipongnets simply has two static IP addresses with static ports (just like the last example in the documentation). For example:
172.16.1.101/255.255.255.255 fixed 40000
172.16.1.102/255.255.255.255 fixed 40000
You will notice in voipong.conf that the sox path must be set to /usr/bin/sox because that's where it's located on BT4. However, I have no idea what the path for soxmix should be... in fact, this is what led me to believe that soxmix might not be on BT4 but instead BT4 uses the later version of sox that pulls soxmix as a command-line arg.
I run voipong exactly as you describe, and I receive:
http://pastebin.com/embed_js.php?i=fnguLwdB
.... then it correctly finds the RTP stream of a call and begins to create a wav file (I'm sorry, I do not have an example of this interaction... the setup I was testing is no longer available). Then it crashes noting signal 11.
Again, my best guess is soxmix... I looked in the code and it does call it... I see soxmix nowhere on BT4. I could be wrong, that's why I thought I would post. Thanks for your help.
Last edited by Archangel-Amael; 08-12-2010 at 08:48 AM. Reason: Removed script tags.
Ok well apparently soxmix did indeed get merged into sox version 13.
It looks like we have two choices right now. Either give sox -m in your above config file, and see if it works.
The -m is simply soxmix. Of course it may need to be changed in the code where soxmix gets called as well.
Or you can downgrade to sox version 12. This was the version we had in BT3. Since I can't really test VoIP tools right now, I can't do this myself. I will also try and get someone else to test this, if I can.
The best option will of course be to stick with the current sox version if possible.
Fixed: yes
Tested and verified Tool is doing its job: yes
BackTrack-Version tested on: BackTrack 4 Final (well this should work on R1 too)
Archangel called me in for testing this stuff.
So now I am done; at least I have a "workaround".
The problem is that voipong is only encoding half-duplex, which means only one .raw file is encoded into .wav, so I can hear only one direction of the phone call (blame the authors of the software). I tested that with "sox -m" as a replacement for soxmix and also installed an "old" version v12.8.blafoo < v13.0.0 which still has soxmix in it (but that should not have been the issue, eh?).
my voipong.conf

[GENERAL]
logdir = /var/log
logfile = voipong.log
cdrfile = /var/log/voipcdr.log
networksfile = /pentest/voip/voipong/etc/voipongnets
pidfile = /var/run/voipong.pid
mgmt_ipcpath = /tmp/voipongmgmt.sock
soxpath = /usr/bin/sox
soxmixpath = "/usr/bin/sox -m"
modpath = /pentest/voip/voipong
mixwaves = 0
defalg = lfp
rtp_idle_time = 10
#device = fxp0
device = eth0
promisc = 1
snaplen = 1500
readtmt = 500
outdir = output
[FILTERS]
startup = "udp"

my voipongnets

192.168.178.0/255.255.255.0 lfp

So now the workaround.
1. Start Voipong-Server

root@bt voipong> ./voipong -d4 -f -c ./etc/voipong.conf
EnderUNIX VOIPONG Voice Over IP Sniffer starting...
Release 2.0, running on bt [Linux 2.6.30.9 #1 SMP Tue Dec 1 21:51:08 EST 2009 i686]
(c) Murat Balaban http://www.enderunix.org/
12/08/10 18:32:24: EnderUNIX VOIPONG Voice Over IP Sniffer starting...
12/08/10 18:32:24: Release 2.0 running on bt [Linux 2.6.30.9 #1 SMP Tue Dec 1 21:51:08 EST 2009 i686]. (c) Murat Balaban http://www.enderunix.org/ [pid: 8347]
12/08/10 18:32:24: Default matching algorithm: lfp
12/08/10 18:32:24: loadmodule: dlopen(/pentest/voip/voipong/modvocoder_pcma.c): /pentest/voip/voipong/modvocoder_pcma.c: invalid ELF header
12/08/10 18:32:24: loadmodule: dlopen(/pentest/voip/voipong/modvocoder_pcmu.o): /pentest/voip/voipong/modvocoder_pcmu.o: only ET_DYN and ET_EXEC can be loaded
12/08/10 18:32:24: loadmodule: dlopen(/pentest/voip/voipong/modvocoder_pcma.o): /pentest/voip/voipong/modvocoder_pcma.o: only ET_DYN and ET_EXEC can be loaded
12/08/10 18:32:24: loadmodule: /pentest/voip/voipong/modvocoder_pcmu.so (@0xb7f17243)
12/08/10 18:32:24: loadmodule: /pentest/voip/voipong/modvocoder_pcma.so (@0xb7f1426a)
12/08/10 18:32:24: loadmodule: dlopen(/pentest/voip/voipong/modvocoder_pcmu.c): /pentest/voip/voipong/modvocoder_pcmu.c: invalid ELF header
12/08/10 18:32:24: loaded 2 module(s)
12/08/10 18:32:24: loadnet(192.168.178.0/255.255.255.0) method: lfp
12/08/10 18:32:24: eth0 has been opened in promisc mode. (192.168.178.0/255.255.255.0)
12/08/10 18:32:27: New management console request has been accepted!
12/08/10 18:32:44: mgmt_console: set mixflag to 0
12/08/10 18:33:01: [8351] VoIP call has been detected.
12/08/10 18:33:01: [8351] 87.234.1.138:19320 <--> 192.168.178.23:30000
12/08/10 18:33:01: [8351] Encoding 8-PCMA-8KHz, recording.......
12/08/10 18:33:01: created a call recorder instance!
12/08/10 18:33:23: [8351] maximum idle time [10 secs] has been elapsed for this call, the call might have been ended.
12/08/10 18:33:23: [8351] .WAV file output/20100812/session-enc8-PCMA-8KHz-87.234.1.138,19320-192.168.178.23,30000.wav has been created successfully
12/08/10 18:33:23: [8351] .WAV file output/20100812/session-enc8-PCMA-8KHz-192.168.178.23,30000-87.234.1.138,19320.wav has been created successfully
12/08/10 18:33:23: child [pid: 8351] terminated normally [exit code: 0]

2. Start the voipong-Client and setmixflag 0 [you have to do this explicitly again in the client because for some reason (crappy code eh? ^^ or maybe just me being too silly to use that tool correctly) because you will only get one .wav output file with one direction of the call. If you setmixflag to 0 you will get 2 .wav files, one with each direction of the call]

root@bt voipong> ./voipctl -c ./etc/voipong.conf
Connected to VoIPong Management Console
System:
bt [Linux 2.6.30.9 #1 SMP Tue Dec 1 21:51:08 EST 2009 i686]
voipong> help
Commands:
help : this one
quit : quit management console
uptime : Server uptime
logrotate : rotate server's logs
setdebug [level] : set debug level to [level]
setmixflag [flag] : set mix voice flag to true or false [e.g: 1 for true, 0 for false]
shutdown : shutdown server
rusage : CPU usage statistics for the server
loadnets : Reload voipongnets file
info : General server information
shcall : Show currently monitored calls
shrtcp : Show currently RTCP cache
killcall [id] : end monitoring session with [id]
voipong> setmixflag 0
# set mixflag to 0
voipong> shcall
ID NODE1 PORT1 NODE2 PORT2 STIME DURATION
----- ---------------- ----- ---------------- ----- ----------------- ------------
Total listed: 0
voipong> !!
ID NODE1 PORT1 NODE2 PORT2 STIME DURATION
----- ---------------- ----- ---------------- ----- ----------------- ------------
08351 87.234.1.138 19320 192.168.178.23 30000 12/08/10 18:33:01 2 seconds
Total listed: 1
voipong>

3. Go into the output folder and use "sox -m" to concatenate/merge the two output files into one which you can then listen to (this can be scripted/cronjobbed/whatever)

total 364K
drwx------ 2 root root 4.0K Aug 12 18:33 .
drwx------ 3 root root 4.0K Aug 12 17:56 ..
-rw------- 1 root root 170K Aug 12 18:33 session-enc8-PCMA-8KHz-192.168.178.23,30000-87.234.1.138,19320.wav
-rw------- 1 root root 176K Aug 12 18:33 session-enc8-PCMA-8KHz-87.234.1.138,19320-192.168.178.23,30000.wav
root@bt 20100812> pwd
/pentest/voip/voipong/output/20100812
root@bt 20100812> sox -m session-enc8-PCMA-8KHz-192.168.178.23,30000-87.234.1.138,19320.wav session-enc8-PCMA-8KHz-87.234.1.138,19320-192.168.178.23,30000.wav -o voipongSucks.wav
root@bt 20100812> play voipongSucks.wav
Input File : 'voipongSucks.wav'
Sample Size : 16-bit (2 bytes)
Sample Encoding: signed (2's complement)
Channels : 1
Sample Rate : 8000
Time: 00:11.22 [00:00.00] of 00:11.22 (100% ) Samples out: 538k Clips: 0
Done.
root@bt 20100812>

Hope that fixes your "issue"... hf!
Let's hope the next versions of Voipong fix this "issue"... maybe one of you finds time to make a bug report, since I am too lazy/don't have the time to surf around their code and submit this, since I swear by Wireshark for VoIP sniffing! :P
Last edited by S3M73X; 08-12-2010 at 04:46 PM.
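Step 3 of the workaround above notes that the merge can be scripted. The following is an added example, not part of the original posts: it pairs the two per-direction recordings by the filename layout seen in the voipong log and mixes each pair with sox -m. The SOX variable, the "mixed-" output prefix and the function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): mix voipong's two per-direction
# recordings of each call into one file with "sox -m".
# Assumed filename layout, taken from the log lines above:
#   session-enc<N>-<CODEC>-<ipA>,<portA>-<ipB>,<portB>.wav
# SOX and the "mixed-" output prefix are choices made for this sketch.
SOX="${SOX:-sox}"

# reverse_name FILE: print the name of the opposite-direction recording.
reverse_name() {
    base=$(basename "$1" .wav)
    b=${base##*-}        # last field:   ipB,portB
    rest=${base%-*}
    a=${rest##*-}        # field before: ipA,portA
    prefix=${rest%-*}
    case "$a" in *,*) ;; *) return 1 ;; esac
    case "$b" in *,*) ;; *) return 1 ;; esac
    printf '%s-%s-%s.wav\n' "$prefix" "$b" "$a"
}

# mix_pairs DIR: mix every complete pair once; print each file created.
mix_pairs() {
    dir=$1
    for f in "$dir"/session-*.wav; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        rev=$(reverse_name "$f") || continue
        [ "$name" = "$rev" ] && continue
        # Both files of a pair match the glob; act only on the smaller name.
        first=$(printf '%s\n%s\n' "$name" "$rev" | LC_ALL=C sort | head -n 1)
        [ "$first" = "$name" ] || continue
        if [ ! -f "$dir/$rev" ]; then
            echo "skip $name: reverse direction not recorded" >&2
            continue
        fi
        out="$dir/mixed-$name"
        [ -f "$out" ] && continue          # mixed on an earlier run
        # sox syntax: inputs first, output file as the last argument
        if "$SOX" -m "$f" "$dir/$rev" "$out"; then
            echo "$out"
        else
            echo "sox failed for $name" >&2
        fi
    done
}

# Run against a directory when one is given, e.g. output/20100812
if [ "$#" -gt 0 ]; then mix_pairs "$1"; fi
```

Because the mixed files do not match the session-*.wav glob and existing outputs are skipped, the script can be re-run from cron on the same directory without re-mixing earlier calls.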
Thanks guys, I will eventually try out your suggestions... looks good
Wireshark is certainly great for VoIP sniffing, however it does some things I don't like. One example is it ignores comfort noise RTP packets in playback and audio file dumps... which normally is great. But sometimes I don't want that, which is actually the original reason I was looking at voipong.