[VOIPSEC] Fwd: rtpinsertsound problem

Wed Aug 20 17:36:16 CDT 2008

Hello,

Firstly thanks for your response !

I have tried to increase the spoof factor ( 10,20, ..., 50) but that doesn't
work, on the other phone I don't hear the wav file. But with wireshark, I
can analyze RTP traffic and I can hear a strange voice which not correspond
to the wav file, maybe it's a codec problem. I wonder why the voice
including in the wav file is so altered and why the phone didn't take the
packet.  I also try voipong to detect a call but it appears that voipong
detects RTP exchanges between the caller Cisco phone and the asterisk
server, so it registers the call as a call between the SIP phone and
Asterisk. I have discovered that there is RTCP exchange between my Phone and
Asterisk but I don't know why. In my sip.conf I put canreinvite = yes for
all users to bypass the proxy for RTP so I don't understand.

I think to really understand the problem, I have to give more information
about my VoIP test infrastructure:

Firstly I have 2 Cisco SIP phone with the latest firmware, their IP @
192.168.42.71 and 72 connected to a Cisco 3524 XL switch
I have also an Asterisk server running on SUSE 10.3, and on the same server
a DHCP and TFTP necessaery for Cisco phone.
I specify that this server is on an ESX server and its IP is
192.168.42.61and for doing tests I plug my laptop, running BackTrack
on vmware, on the
swicth and I use SPAN to monitor all packet traffic.

The trace took during the use of rtpmixsound between the 2 Cisco Phone, as
well as sip.conf and extensions.conf, and the voipong.log are attached to
this mail.

I have to make a demonstration for my college  on early September about
RTPInjection so I don't know if the new tools with GUI will be available
before the 11 September. That's why I have to do this by command line.

Thanks for your response,

        Joany Boutet

---------- Forwarded message ----------
From: Dustin D. Trammell <dtrammell at dustintrammell.com>
Date: 2008/8/20
Subject: Re: [VOIPSEC] rtpinsertsound problem
To: Joany BOUTET <boutet.joany at gmail.com>
Cc: voipsec at voipsa.org

On Tue, 2008-08-19 at 12:11 +0200, Joany BOUTET wrote:
> I am a student; trying to test rtpinsertsound tool but that doesn't
> work for me !

I would suggest checking two things:

First, the way those tools work are by replacing (or mixing) the audio
and crafting a new packet with an incremented packet ID by a few values.
This packet is then sent in an attempt to beat the legitimate packet
with the same value.  If the legitimate packet is winning the race, the
injected audio will not be heard.  Try increasing the value by which the
ID is incremented.  This is accomplished with command-line option '-f',
for spoof factor.

Second, version 3.0 of the tools will auto-identify the RTP ports for
you; you shouldn't need to do this manually with the -A and -B options
unless there are a LOT of other calls happening and the tool is
auto-selecting the wrong one, or you just want to verify that the tool
is identifying the correct ports with Wireshark.  Make sure you're
running the most recent versions of the tools, which you can grab from
the Hacking VoIP Exposed website:

http://www.hackingvoipexposed.com/sec_tools.html

--
Dustin D. Trammell
dtrammell at dustintrammell.com
http://www.dustintrammell.com