[VOIPSEC] Pen Testing VOIP
Matt Harrigan
matt.harrigan at gmail.com
Fri Oct 7 17:45:03 BST 2005
Rick,
As far as session reconstruction and packet analysis, ethereal has
worked well for
me - the new version supports rtp payload, etc...I believe there's
even a filter (plugin) that someone has written to dump all audio to
.au. If it's a blind test, you're
either going to need to open a mirror port on the switch for one of
the call endpoints, or somehow mitm (arp spoof- danger will
robinson!), in order to get the call data.
If you wanted to create packets on the fly, I imagine libnet would
probably suffice.
Regards,
Matt
On 10/5/05, Rick.Wanner at sasktel.sk.ca <Rick.Wanner at sasktel.sk.ca> wrote:
> Does anyone have any recommendations for tools that may be useful when
> performing a PenTest in a VOIP infrastructure? I am mostly interested in
> tools which can be used to validate and exercise the VOIP protocols
> themselves.
>
> Thanks
> Rick
>
>
>
>
> NOTICE: This confidential e-mail message is only for the intended
> recipient(s). If you are not the intended recipient, be advised that
> disclosing, copying, distributing, or any other use of this message, is
> strictly prohibited. In such case, please destroy this message and notify
> the sender.
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
--
Matthew G. Harrigan
O:303-308-0505
M:303-668-0302
mobile email: mharrigan at tmail.com
More information about the Voipsec
mailing list