Ethereal

Re: [Ethereal-users] Sniffing Just VOIP traffic
Google
 
Web Ethereal.com

Home | Introduction | Documentation | Lists | FAQ | Development | Wiki | Bugs

Main Index | Thread Index | Mailing Lists | | Date Prev | Date Next | Thread Prev | Thread Next

Ethereal-users: March 2006

 

On 3/7/06, Patrick T. McAlister <patrick@xxxxxxxxxxxxx> wrote:
> Can someone tell me how I would configure Ethereal to sniff VOIP traffic
> only on a network?


Depends on what you mean for VOIP traffic.

Signalling only or Signalling and Media?

in regard to signalling which (set of) protocol(s)?
   - SIP ?
   - H323 ?
   - BICC ?
   - MGCP ?
  -  other?

if you are to capture media you need to capture all UDP traffic as
there's no way to know beforehand which udp.port RTP is going to use.

If you need to *display* voip signalling only the filter
    sip || h225 || h245 || q931 || mgcp || bicc
should be enough.

in order to filter in capture you need to know which ports these
protocols are using and set you capture filter accordingly.

--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan

Powered by MHonArc 2.6.10

Please send support questions about Ethereal to the ethereal-users[AT]ethereal.com mailing list.
For corrections/additions/suggestions for this web page (and not Ethereal support questions), please send email to ethereal-web[AT]ethereal.com.
Last modified: Fri, November 10 2006.
"Ethereal" and the "e" logo are registered trademarks of Ethereal, Inc.