Sniffing VOIP sessions from a Cisco phone system is already in the realm of possibility. I have personally worked with the developer of VOIPONG, which is a voice over IP packet sniffer. It is able to sniff a great deal of packets with little CPU usage. You can easily throw FreeBSD on a spare computer with a decent Ethernet card, and install VOIPONG with little more than changing to the directory and typing “make install”.
Q: Is it really that easy to do Cisco sniffing?
A: Well there are a few more commands to execute, but it is fairly straightforward.
Q: Does it pick up cisco skinny while sniffing?
A: Yes, it sure does.
Q: How much does it cost?
A: If you already have a 500 MHz computer or better, with an Ethernet card, it won’t cost you anything but a little bit of time to configure it.
Q: I don’t know how to use Linux, should I go down the path of configuring my first Linux computer to just run VOIP sniffing?
A: Sure! Anything that gives you a reason to use Linux for the first time is (arguably) a great reason to try Linux/FreeBSD.
Q: Ok, I downloaded VOIPONG but where do I get FreeBSD?
A: Try FreeBSD.org
Q: Ok. I installed FreeBSD, and I am a noob… what the heck do I do now?
A: RTFM
Q: What does RTFM stand for?
A: Google it
Q: Ok, you don’t have to be a jerk. I admit I am a total noooooooooooob, but help a brother out!
A: Ok, Ok, I really do want you to sniff your VOIP calls. I’ll try to explain it as best as I can. (It has been a while since I installed VOIPONG and configured it.)
Installing FreeBSD
- Download these two ISO discs and burn them to CD-Rs:
  ftp://ftp.freebsd.org/pub/FreeBSD/ISO-IMAGES-i386/5.5/5.5-RELEASE-i386-disc1.iso
  ftp://ftp.freebsd.org/pub/FreeBSD/ISO-IMAGES-i386/5.5/5.5-RELEASE-i386-disc2.iso
- Boot your computer off disc 1
- Choose the quick install method (I’ll confirm this later) and the default slices (don’t ask)
- Follow the on screen directions
- Reboot and login to your system
- Download voipong with the following command:
- # fetch http://www.enderunix.org/voipong/voipong-2.0.tar.gz
- # tar -zxf voipong-2.0.tar.gz
- # cd voipong-2.0
- # ./configure
- # make
- # make install
- Run # ifconfig and look for the identifier of your network adaptor
- # vi /usr/local/etc/voipong/voipong.conf
  (Wait, I am a vi virgin and need serious help!)
- Press i
- Scroll down to the line that starts with “device = ” and change the value to the device name from ifconfig (mine is listed as bge0 but it could be sis0 or something else, it varies).
- Now press “ESC” and then type “:wq”
- Now you are ready to do some sniffing!
- Run VOIPONG in the foreground to see what happens with # voipong -f
- Watch and see what it outputs. You may need to evaluate and research any errors.
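The interface lookup and the “device = ” edit from the steps above, done without vi. This is an added example, not part of the original post or of VOIPONG; the function names and the sample ifconfig output are made up for illustration, and the only thing assumed about voipong.conf is the “device = ” line mentioned above.

```shell
#!/bin/sh
# Added example: choose the capture interface from ifconfig-style output and
# write it into the "device = " line of voipong.conf without opening vi.

# Constructed sample of FreeBSD ifconfig output (documentation addresses).
sample_ifconfig() {
cat <<'EOF'
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
	ether 00:00:5e:00:53:01
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	inet 127.0.0.1 netmask 0xff000000
sis0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
EOF
}

# Print interfaces that are UP and not loopback (reads ifconfig text on stdin).
list_capture_ifaces() {
    awk '/^[A-Za-z][A-Za-z0-9._]*: flags=/ {
        name = $1; sub(/:$/, "", name)
        if ($2 ~ /[<,]UP[,>]/ && $2 !~ /[<,]LOOPBACK[,>]/) print name
    }'
}

# Rewrite the device line in place, keeping the previous file as <conf>.bak.
set_voipong_device() {
    conf=$1; iface=$2
    # Only plain interface names; this also keeps sed metacharacters out.
    case $iface in
        ''|*[!A-Za-z0-9._]*) echo "bad interface name: $iface" >&2; return 2 ;;
    esac
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
    grep -q '^device[[:space:]]*=' "$conf" ||
        { echo "no device line in $conf" >&2; return 3; }
    cp -p "$conf" "$conf.bak" || return 1
    sed "s/^device[[:space:]]*=.*/device = $iface/" "$conf.bak" > "$conf"
}

# On the capture box itself (path and interface name from the steps above):
#   ifconfig | list_capture_ifaces
#   set_voipong_device /usr/local/etc/voipong/voipong.conf bge0
```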
Q: It ran but didn’t record any VOIP calls. What’s the deal?
A: Do you have your network adaptor plugged in where it can see the packets? As in a monitor port or an ethernet tap? Well you will need to. (Sorry I can’t tell you how to configure your network)
So I hope this was helpful. Don’t be scared to try Linux.
Cheers!