
Wireshark-users: Re: [Wireshark-users] Sniffer for VoIP

From: miguel olivares varela <klica_sk8@xxxxxxxxxxx>
Date: Wed, 22 Oct 2008 07:18:13 -0700

You can use rtpbreak; it works really nicely, but it's only for Linux. I'm not sure that you can use tshark in order to generate all the audios.
 
 

> From: wireshark-users-request@xxxxxxxxxxxxx
> Subject: Wireshark-users Digest, Vol 29, Issue 34
> To: wireshark-users@xxxxxxxxxxxxx
> Date: Wed, 22 Oct 2008 05:37:31 -0700
>
> Send Wireshark-users mailing list submissions to
> wireshark-users@xxxxxxxxxxxxx
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://wireshark.org/mailman/listinfo/wireshark-users
> or, via email, send a message with subject or body 'help' to
> wireshark-users-request@xxxxxxxxxxxxx
>
> You can reach the person managing the list at
> wireshark-users-owner@xxxxxxxxxxxxx
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Wireshark-users digest..."
>
>
> Today's Topics:
>
> 1. Re: Sniffer for VoIP (j.snelders@xxxxxxxxxx)
> 2. Re: Can Wireshark query the captured data? (j.snelders@xxxxxxxxxx)
> 3. Re: Wireshark-users Digest, Vol 29, Issue 33 ( ??? )
> 4. Leopard and AirPort, only my own packets (Marco De Vitis)
> 5. Re: Leopard and AirPort, only my own packets (Guy Harris)
> 6. Re: Leopard and AirPort, only my own packets (Marco De Vitis)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 21 Oct 2008 21:09:48 +0200
> From: j.snelders@xxxxxxxxxx
> Subject: Re: [Wireshark-users] Sniffer for VoIP
> To: wireshark-users@xxxxxxxxxxxxx
> Message-ID: <481B206B00090D17@xxxxxxxxxxxxxxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="US-ASCII"
>
> Hi Nivaldo
>
> You can use Tshark, the command-line tool.
> Or take a look at message d.d. Date: Sun, 19 Oct 2008 10:09:46 +0200
> Wireshark-users: Re: [Wireshark-users] Running Wireshark as windows service
>
>
> Grtz
> Joan
>
> On Tue, 21 Oct 2008 10:15:45 -0300 Nivaldo Júnior wrote:
> > I need a sniffer for VoIP. I'm testing VoIPong but some calls are not
> > detected. I tested with wireshark and all calls are detected and i can
> > generate the waves, but i need a command line system to be running in
> > background and generating all audios.
> > I have some resources for this project, so if someone knows how to do
> > that, please contact me as soon as possible.
> > My MSN is junior@xxxxxxxxxxxxxx and my Skype is nivaldomjunior.
>
> ------------------------------
>
> Message: 2
> Date: Tue, 21 Oct 2008 21:15:42 +0200
> From: j.snelders@xxxxxxxxxx
> Subject: Re: [Wireshark-users] Can Wireshark query the captured data?
> To: wireshark-users@xxxxxxxxxxxxx
> Message-ID: <481B206B00090D32@xxxxxxxxxxxxxxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="US-ASCII"
>
> Hi Abdu,
>
> You'll find a lot of useful information in the user guide:
> http://www.wireshark.org/docs/wsug_html/
>
> In a nutshell...
> Add a column to display the packet length (bytes)
> Edit - Preferences - User interface - Columns
> Select : New
> Properties:
> Title: change the title to Length
> Format: select Packet length (bytes)
> Apply - OK
>
>
> Use capture and/or display filters.
> http://wiki.wireshark.org/CaptureFilters
> http://wiki.wireshark.org/DisplayFilters
>
> You can use a capture filter to capture only http traffic
> Capture - Option - Capture filter
> select: Filter name: HTTP TCP port (80) Filter string: tcp port http
>
> You can use filters to capture traffic to/from specific host:
> capture filter:
> to/from: host 192.168.100.44
> to: dst host 192.168.100.44
> from: src host 192.168.100.44
>
> display filter:
> to/from : ip.addr == 192.168.100.44
> to : ip.dst == 192.168.100.44
> from : ip.src == 192.168.100.44
>
>
> While capturing you for instance can look at:
> Analyze - Expert Info Composite
> Statistics - Conversations
>
> In the "Conversations Window" you can right-click on an
> interesting conversation to apply a filter.
>
> Hope this helps
> Joan
>
>
> On Tue, 21 Oct 2008 00:03:21 +0000 abdu bukres wrote:
> > I have been using Wireshark in a simple usage looking at the data.
> >
> > Can Wireshark be used to query the data a bit like SQL, something like:
> > List the top 10 ip addresses which caused the most number
> > of hits or tcp traffic during the last 10 minutes?
> >
> > I don't know if Wireshark can capture number of bytes sent
> > out in http responses, so can it list which ip addresses are causing
> > a lot of outbound traffic?
> >
> > I would like to query the data captured by Wireshark and
> > query it like a database.
> >
> > Simple examples can get me going fast.
> >
> > If Wireshark can't do it, any ideas for other sniffers?
>
> ------------------------------
>
> Message: 3
> Date: Wed, 22 Oct 2008 08:59:32 +0800
> From: " ??? " <cduter@xxxxxx>
> Subject: Re: [Wireshark-users] Wireshark-users Digest, Vol 29, Issue
> 33
> To: wireshark-users@xxxxxxxxxxxxx
> Message-ID: <20081022010543.5B79C476BB@xxxxxxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="gb2312"
>
> wireshark-users-request,???
>
> Good idea! Wireshark can capture the data and store it in the database, good, good. But I think that Wireshark can do it right now; I am writing a C program to analyze the pcap files, it can get the detailed data and store them in the databases, which makes it possible for me to find the top IP :)
>
>
>
> ???
> cduter@xxxxxx
> 2008-10-22
>
> ======= 2008-10-22 03:00 12:00:05 ???????: Wireshark-users Digest, Vol 29, Issue 33=======
>
> Today's Topics:
>
> 1. Re: Can Wireshark query the captured data? (Breno Jacinto)
> 2. Sniffer for VoIP ( Nivaldo Júnior )
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 20 Oct 2008 21:30:36 -0300
> From: "Breno Jacinto"
> Subject: Re: [Wireshark-users] Can Wireshark query the captured data?
> To: "Community support list for Wireshark"
>
> Message-ID:
> <2ced936d0810201730o6f4b3c68off637e5fc0338456@xxxxxxxxxxxxxx>
> Content-Type: text/plain; charset=WINDOWS-1252
>
> Hello,
>
> I was just skimming through all the documentation available at
> http://www.wireshark.org/bibliography.html, and I think the
> video-article "Advanced I/O Graphing" may be of your interest. Take a
> look at http://novellevents.novell.com/t/2261821/56771533/6387/0/
>
> best regards,
>
> 2008/10/20 abdu bukres :
> >
> > I have been using Wireshark in a simple usage looking at the data.
> >
> > Can Wireshark be used to query the data a bit like SQL, something like:
> >
> > List the top 10 ip addresses which caused the most number of hits or tcp
> > traffic during the last 10 minutes?
> >
> > I don't know if Wireshark can capture number of bytes sent out in http
> > responses, so can it list which ip addresses are causing a lot of outbound
> > traffic?
> >
> > I would like to query the data captured by Wireshark and query it like a
> > database.
> >
> > Simple examples can get me going fast.
> >
> > If Wireshark can't do it, any ideas for other sniffers?
> >
> > Thanks.
> >
> > Abdu
> >
> > _______________________________________________
> > Wireshark-users mailing list
> > Wireshark-users@xxxxxxxxxxxxx
> > https://wireshark.org/mailman/listinfo/wireshark-users
> >
> >
>
>
>
> --
> --
> :: Breno Jacinto ::
> :: breno - at - gprt.ufpe.br ::
> :: FingerPrint ::
> 2F15 8A61 F566 E442 8581
> E3C0 EFF4 E202 74B7 7484
> :: Persisting in what is difficult is the only way to make it easy some day. ::
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 21 Oct 2008 10:15:45 -0300
> From: " Nivaldo Júnior "
> Subject: [Wireshark-users] Sniffer for VoIP
> To: wireshark-users@xxxxxxxxxxxxx
> Message-ID:
>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hi all,
>
> I need a sniffer for VoIP. I'm testing VoIPong but some calls are not
> detected. I tested with wireshark and all calls are detected and i can
> generate the waves, but i need a command line system to be running in
> background and generating all audios.
> I have some resources for this project, so if someone knows how to do
> that, please contact me as soon as possible.
> My MSN is junior@xxxxxxxxxxxxxx and my Skype is nivaldomjunior.
>
> Regards,
>
> --
> Nivaldo Júnior
> nivaldomjunior@xxxxxxxxx
>
>
> ------------------------------
>
>
> End of Wireshark-users Digest, Vol 29, Issue 33
> ***********************************************
>
>
> ------------------------------
>
> Message: 4
> Date: Wed, 22 Oct 2008 00:52:36 +0200
> From: Marco De Vitis <starless@xxxxxxx>
> Subject: [Wireshark-users] Leopard and AirPort, only my own packets
> To: wireshark-users@xxxxxxxxxxxxx
> Message-ID: <gdlmfk$nht$1@xxxxxxxxxxxxx>
> Content-Type: text/plain; charset=ISO-8859-15; format=flowed
>
> Hi,
> I'm doing some tests on my own wifi network, which is protected using
> WPA Personal.
>
> I have a Windows notebook and a MacBook running OSX 10.5.5. I want to
> try running Wireshark on the MacBook for sniffing traffic happening from
> the Win machine.
>
> I connect both machines to the network, then start Wireshark on the Mac
> (the binary download for Intel machines on the official Wireshark web
> site, installed as the docs recommend), start capturing in promiscuous
> mode, and then try doing something on the Win machine, like browsing the
> web or downloading mail, but this activity is not logged: I can only see
> traffic from the MacBook itself.
>
> I've read related docs in the wiki a couple of times, and I'm a bit
> confused now. As far as I understand, it should all work fine with my
> setup. Am I wrong? Am I missing anything?
>
> Thanks.
>
> --
> Ciao,
> Marco.
>
>
>
> ------------------------------
>
> Message: 5
> Date: Wed, 22 Oct 2008 01:54:21 -0700
> From: Guy Harris <guy@xxxxxxxxxxxx>
> Subject: Re: [Wireshark-users] Leopard and AirPort, only my own
> packets
> To: Community support list for Wireshark
> <wireshark-users@xxxxxxxxxxxxx>
> Message-ID: <E3F38D3F-57B3-4457-A9DA-029B25A9842D@xxxxxxxxxxxx>
> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
>
>
> On Oct 21, 2008, at 3:52 PM, Marco De Vitis wrote:
>
> > I'm doing some tests on my own wifi network, which is protected using
> > WPA Personal.
> >
> > I have a Windows notebook and a MacBook running OSX 10.5.5. I want to
> > try running Wireshark on the MacBook for sniffing traffic happening from
> > the Win machine.
>
> It might be that the AirPort adapter on your MacBook will only capture
> traffic from other machines on your network when in monitor mode (on
> Leopard, to go into monitor mode you currently have to select a "link-
> layer header type" other than Ethernet), even in promiscuous mode. I
> think some (perhaps all) wireless adapters will not actually work
> promiscuously on protected networks as they can't decrypt traffic to
> or from other machines; they'll capture the traffic in monitor mode,
> but, in order to see that traffic decrypted, you'll need to provide
> the password for the network *and* capture the initial setup:
>
> http://wiki.wireshark.org/HowToDecrypt802.11
>
>
> ------------------------------
>
> Message: 6
> Date: Wed, 22 Oct 2008 14:37:15 +0200
> From: Marco De Vitis <starless@xxxxxxx>
> Subject: Re: [Wireshark-users] Leopard and AirPort, only my own
> packets
> To: wireshark-users@xxxxxxxxxxxxx
> Message-ID: <gdn6pr$sng$1@xxxxxxxxxxxxx>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> On 22-10-2008 10:54, Guy Harris wrote:
>
> > Leopard, to go into monitor mode you currently have to select a "link-
> > layer header type" other than Ethernet), even in promiscuous mode. I
>
> Indeed, I tried the other two link-layer header types available, "IEEE
> 802.11 Wireless LAN" and "IEEE 802.11 plus AVS WLAN header", but I
> couldn't interpret the results: it appeared that some data packets were
> captured, but they seemed to be encrypted or something.
>
> > or from other machines; they'll capture the traffic in monitor mode,
> > but, in order to see that traffic decrypted, you'll need to provide
> > the password for the network *and* capture the initial setup:
> >
> > http://wiki.wireshark.org/HowToDecrypt802.11
>
> Ah, thanks, I missed this. I actually wondered if the captured traffic
> was encrypted or not (see above), but didn't see mentions of this aspect
> in the wiki (http://wiki.wireshark.org/CaptureSetup/WLAN).
> I'll try when I get back home.
>
> --
> Ciao,
> Marco.
>
>
>
> ------------------------------
>
>
> End of Wireshark-users Digest, Vol 29, Issue 34
> ***********************************************
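
The "top IP addresses by traffic in the last 10 minutes" query asked about in the quoted digest can be answered by exporting per-packet fields with tshark and aggregating them. The script below is an added example, not code from any poster in this thread; it assumes the tab-separated output of `tshark -r capture.pcap -T fields -e frame.time_epoch -e ip.src -e ip.dst -e frame.len`, and the sample records (and the file name `capture.pcap`) are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in the tab-separated layout produced by:
#   tshark -r capture.pcap -T fields -e frame.time_epoch -e ip.src -e ip.dst -e frame.len
SAMPLE = """\
1224597000.10\t192.168.100.44\t10.0.0.5\t1500
1224598100.00\t192.168.100.44\t10.0.0.5\t1514
1224598150.25\t192.168.100.7\t10.0.0.5\t60
1224598200.50\t\t\t42
1224598300.75\t192.168.100.44\t10.0.0.9\t1514
1224598400.00\t192.168.100.7\t10.0.0.5\t590
1224598500.00\t10.0.0.5\t192.168.100.44\t66
"""


def parse(lines):
    """Yield (epoch, src, dst, length); skip frames with no IP layer (e.g. ARP)."""
    for line in lines:
        fields = line.rstrip("\n").split("\t")
        if len(fields) != 4 or not fields[1]:
            continue
        epoch, src, dst, length = fields
        # Assumption: tunnelled packets list several comma-separated
        # addresses, outermost first; keep the outermost one.
        yield float(epoch), src.split(",")[0], dst.split(",")[0], int(length)


def top_talkers(lines, window=600, n=10):
    """Top-n source IPs by bytes sent in the last `window` seconds of the capture."""
    records = list(parse(lines))
    if not records:
        return []
    # The window is measured back from the newest packet in the capture.
    cutoff = max(r[0] for r in records) - window
    stats = defaultdict(lambda: [0, 0])  # src -> [packets, bytes]
    for epoch, src, _dst, length in records:
        if epoch >= cutoff:
            stats[src][0] += 1
            stats[src][1] += length
    ranked = sorted(stats.items(), key=lambda kv: kv[1][1], reverse=True)
    return [(ip, pkts, nbytes) for ip, (pkts, nbytes) in ranked[:n]]


if __name__ == "__main__":
    for ip, pkts, nbytes in top_talkers(SAMPLE.splitlines()):
        print(f"{ip:<16} {pkts:>6} packets {nbytes:>8} bytes")
```

Swapping `src` for `dst` in the aggregation loop ranks receivers instead of senders.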


