From sjenkin at canb.auug.org.au Tue Oct 6 20:50:43 2020
From: sjenkin at canb.auug.org.au (steve jenkin)
Date: Wed, 7 Oct 2020 07:50:43 +1100
Subject: [clug] Maker Kits in the ACT Library, R-Pi, Ozobot, 3-Doodler
Message-ID: <54F81CD6-D722-4C69-AAF1-5E19C14B554C@canb.auug.org.au>

noticed these in the Tuggeranong Library yesterday.
These may have been added for science week in September.

Finding in the catalogue is a bit tricky.

===========

Advanced Search, "Collections", scroll down a very long way (alphabetic) - Maker Kit

3Doodler Create+ kit
    12 copies, 6 reserves
CrowPi all-in-one kit lead you go from zero to hero with Raspberry Pi
    10 copies, 2 reserves
Edison robot kit
    15 copies, 2 reserves
Makey Makeys [kit]
    MaKey MaKey is an invention kit for the 21st century. Turn everyday objects into touchpads and combine them with the internet.
    5 copies
Ozobot Evo Kit
    10 copies, 8 reserves
Ozobot Kit
    6 copies
PocketLab Voyager Kit
    10 copies, 1 reserve
Raspberry Pi extension kit
    9 copies
Raspberry Pi kit
    8 copies, 1 reserve
[For R-Pi, Availability]

Location                     Collection  Call number  Status/Desc
Customer Information Center  Maker Kit   MKT RASP     Available
Customer Information Center  Maker Kit   MKT RASP     Available
Customer Information Center  Maker Kit   MKT RASP     Available
Dickson Branch               Maker Kit   MKT RASP     Onloan - Due: 29 Oct 2020
Gungahlin Branch             Maker Kit   MKT RASP     On reserve shelf at Gungahlin Branch
Kippax Branch                Maker Kit   MKT RASP     Available
Kippax Branch                Maker Kit   MKT RASP     Available
Woden Branch                 Maker Kit   MKT RASP     Available

--
Steve Jenkin, IT Systems and Design
0412 786 915 (+61 412 786 915)
PO Box 38, Kippax ACT 2615, AUSTRALIA

mailto:sjenkin at canb.auug.org.au http://members.tip.net.au/~sjenkin

From lroyjh at gmail.com Wed Oct 28 05:00:57 2020
From: lroyjh at gmail.com (Keith Goggin)
Date: Wed, 28 Oct 2020 16:00:57 +1100
Subject: [clug] Wireshark VOIP and Caller IP address
Message-ID: <22168b11-4afe-dfac-287a-62667e39075f@gmail.com>

Due to increased occurrence of Unsolicited VOIP calls I've been motivated to try to track the callers IP address and block them.

I have a Gigaset VOIP Phone connected to a Mikrotik router connected to a 4G modem/router.

Using the Mikrotik Packet Sniffer tool I can collect call data and pass it to Wireshark for examination.

I was expecting calls to be set up (dialed) via my VOIP provider, but once established (answered) on going traffic would be directly between the caller ip and the receiver ip addresses.

This doesn't seem to be the case as I collected call data from a friend and the UDP packets source address was that of my providers server not the callers address.

In principle this should be straight forward even for dummies like, me alas not so.

Can anyone offer a good reference text for beginners.
Thanks

From jeffm at ghostgun.com Wed Oct 28 05:23:27 2020
From: jeffm at ghostgun.com (jm)
Date: Wed, 28 Oct 2020 16:23:27 +1100
Subject: [clug] Wireshark VOIP and Caller IP address
In-Reply-To: <22168b11-4afe-dfac-287a-62667e39075f@gmail.com>
References: <22168b11-4afe-dfac-287a-62667e39075f@gmail.com>
Message-ID: <0328457a-4aa9-fcd1-6b3e-599e72974205@ghostgun.com>

I've been getting a few spam/con calls on the landline at home. I suspect they are using PoP (Points of Presence) to dial out of in Australia. This may explain why the calls are coming from your provider as the calls emerge in Australia at one of these PoPs and are then routed over the PSTN which in the case of your provider gets converted back to a VoIP call. This would explain what you describe. There could be other explanations which someone else may be able to provide.

A random thought on another direction of attacking the problem: Is there any chance you could proxy (or otherwise intercept) SIP for the call up then block the call based on a blacklist of known numbers?

Jeff.

On 28/10/20 16:00, Keith Goggin via linux wrote:
> Due to increased occurrence of Unsolicited VOIP calls I've been
> motivated to try to track the callers IP address and block them.
>
> I have a Gigaset VOIP Phone connected to a Mikrotik router connected
> to a 4G modem/router.
>
> Using the Mikrotik Packet Sniffer tool I can collect call data and
> pass it to Wireshark for examination.
>
> I was expecting calls to be set up (dialed) via my VOIP provider, but
> once established (answered) on going traffic would be directly between
> the caller ip and the receiver ip addresses.
>
> This doesn't seem to be the case as I collected call data from a
> friend and the UDP packets source address was that of my providers
> server not the callers address.
>
> In principle this should be straight forward even for dummies like, me
> alas not so.
>
> Can anyone offer a good reference text for beginners.
>
> Thanks
>
>
>

From rodneyp at iinet.net.au Wed Oct 28 05:14:19 2020
From: rodneyp at iinet.net.au (rodney peters)
Date: Wed, 28 Oct 2020 16:14:19 +1100
Subject: [clug] Wireshark VOIP and Caller IP address
In-Reply-To: <22168b11-4afe-dfac-287a-62667e39075f@gmail.com>
References: <22168b11-4afe-dfac-287a-62667e39075f@gmail.com>
Message-ID: <81e7c882-32fc-d5c9-31ff-f2885e941bed@iinet.net.au>

Keith,

I anticipate that most VoIP will use the SIP protocol. I've never attempted to study the latter.

en.wikipedia.org often has a good outline of a topic, with references to more detail in the bibliography

Rod

On 2020-10-28 16:00, Keith Goggin via linux wrote:
> Due to increased occurrence of Unsolicited VOIP calls I've been
> motivated to try to track the callers IP address and block them.
>
> I have a Gigaset VOIP Phone connected to a Mikrotik router connected
> to a 4G modem/router.
>
> Using the Mikrotik Packet Sniffer tool I can collect call data and
> pass it to Wireshark for examination.
>
> I was expecting calls to be set up (dialed) via my VOIP provider, but
> once established (answered) on going traffic would be directly between
> the caller ip and the receiver ip addresses.
>
> This doesn't seem to be the case as I collected call data from a
> friend and the UDP packets source address was that of my providers
> server not the callers address.
>
> In principle this should be straight forward even for dummies like, me
> alas not so.
>
> Can anyone offer a good reference text for beginners.
>
> Thanks
>
>
>

From bob at cs.anu.edu.au Wed Oct 28 05:23:45 2020
From: bob at cs.anu.edu.au (Bob Edwards)
Date: Wed, 28 Oct 2020 16:23:45 +1100
Subject: [clug] Wireshark VOIP and Caller IP address
In-Reply-To: <22168b11-4afe-dfac-287a-62667e39075f@gmail.com>
References: <22168b11-4afe-dfac-287a-62667e39075f@gmail.com>
Message-ID:

On 28/10/20 4:00 pm, Keith Goggin via linux wrote:
> Due to increased occurrence of Unsolicited VOIP calls I've been
> motivated to try to track the callers IP address and block them.
>
> I have a Gigaset VOIP Phone connected to a Mikrotik router connected to
> a 4G modem/router.
>
> Using the Mikrotik Packet Sniffer tool I can collect call data and
> pass it to Wireshark for examination.
>
> I was expecting calls to be set up (dialed) via my VOIP provider, but
> once established (answered) on going traffic would be directly between
> the caller ip and the receiver ip addresses.
>
> This doesn't seem to be the case as I collected call data from a friend
> and the UDP packets source address was that of my providers server not
> the callers address.
>
> In principle this should be straight forward even for dummies like, me
> alas not so.
>
> Can anyone offer a good reference text for beginners.
>
> Thanks
>
>
>

Hi Keith,

I guess there is no one "VOIP" protocol - some are point-to-point (as you expected) but others are via various gateways and service-provider servers. Even protocols that could be point-to-point can still be routed via a gateway.

Can you tell us which VOIP protocol you are using?

Wikipedia (and the "external links" at the bottom of almost all articles) is my reference book for most things...

cheers,
Bob Edwards.
From lroyjh at gmail.com Wed Oct 28 06:19:21 2020
From: lroyjh at gmail.com (Keith Goggin)
Date: Wed, 28 Oct 2020 17:19:21 +1100
Subject: [clug] Wireshark VOIP and Caller IP address
In-Reply-To:
References: <22168b11-4afe-dfac-287a-62667e39075f@gmail.com>
Message-ID: <185b91c4-8058-438d-b356-15641140e62e@gmail.com>

On 28/10/20 4:23 pm, Bob Edwards via linux wrote:
> On 28/10/20 4:00 pm, Keith Goggin via linux wrote:
>> Due to increased occurrence of Unsolicited VOIP calls I've been
>> motivated to try to track the callers IP address and block them.
>>
>> I have a Gigaset VOIP Phone connected to a Mikrotik router connected
>> to a 4G modem/router.
>>
>> Using the Mikrotik Packet Sniffer tool I can collect call data and
>> pass it to Wireshark for examination.
>>
>> I was expecting calls to be set up (dialed) via my VOIP provider, but
>> once established (answered) on going traffic would be directly
>> between the caller ip and the receiver ip addresses.
>>
>> This doesn't seem to be the case as I collected call data from a
>> friend and the UDP packets source address was that of my providers
>> server not the callers address.
>>
>> In principle this should be straight forward even for dummies like,
>> me alas not so.
>>
>> Can anyone offer a good reference text for beginners.
>>
>> Thanks
>>
>>
>>
>
> Hi Keith,
>
> I guess there is no one "VOIP" protocol - some are point-to-point (as
> you expected) but others are via various gateways and service-provider
> servers. Even protocols that could be point-to-point can still be
> routed via a gateway.
>
> Can you tell us which VOIP protocol you are using?
>
> Wikipedia (and the "external links" at the bottom of almost all
> articles) is my reference book for most things...
>
> cheers,
> Bob Edwards.
Thanks Bob,

It seems you are right, but my reading so far has been use TCP to establish the call, the provider acting as the exchange with a lookup table of phone numbers to ip-addresses, then once answered peer to peer using UDP. I will ask my VOIP provider, since the owner is also tech support. I'm sure a lot of people would like to fix this common annoyance.

From stephen.hocking at gmail.com Wed Oct 28 06:21:05 2020
From: stephen.hocking at gmail.com (Stephen Hocking)
Date: Wed, 28 Oct 2020 17:21:05 +1100
Subject: [clug] Wireshark VOIP and Caller IP address
In-Reply-To:
References: <22168b11-4afe-dfac-287a-62667e39075f@gmail.com>
Message-ID:

I fixed the problem by buying a Telstra Call Guardian phone. It does whitelisting & blacklisting, and if it doesn't recognise a number, it asks the person to say their name and then press the '#' key. The scammers don't have a phone number pad in front of them, only a computer to take care of your details. This means they can't press the '#' key that will send the appropriate signal down the phone line. I haven't had the phone ring with a scammer since I got it.

On Wed, 28 Oct 2020 at 16:39, Bob Edwards via linux wrote:
>
> On 28/10/20 4:00 pm, Keith Goggin via linux wrote:
> > Due to increased occurrence of Unsolicited VOIP calls I've been
> > motivated to try to track the callers IP address and block them.
> >
> > I have a Gigaset VOIP Phone connected to a Mikrotik router connected to
> > a 4G modem/router.
> >
> > Using the Mikrotik Packet Sniffer tool I can collect call data and
> > pass it to Wireshark for examination.
> >
> > I was expecting calls to be set up (dialed) via my VOIP provider, but
> > once established (answered) on going traffic would be directly between
> > the caller ip and the receiver ip addresses.
> >
> > This doesn't seem to be the case as I collected call data from a friend
> > and the UDP packets source address was that of my providers server not
> > the callers address.
> >
> > In principle this should be straight forward even for dummies like, me
> > alas not so.
> >
> > Can anyone offer a good reference text for beginners.
> >
> > Thanks
> >
> >
> >
>
> Hi Keith,
>
> I guess there is no one "VOIP" protocol - some are point-to-point (as
> you expected) but others are via various gateways and service-provider
> servers. Even protocols that could be point-to-point can still be
> routed via a gateway.
>
> Can you tell us which VOIP protocol you are using?
>
> Wikipedia (and the "external links" at the bottom of almost all
> articles) is my reference book for most things...
>
> cheers,
> Bob Edwards.
>
> --
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux

--
"I and the public know
what all schoolchildren learn
Those to whom evil is done
Do evil in return" W.H. Auden, "September 1, 1939"

From lroyjh at gmail.com Wed Oct 28 06:25:26 2020
From: lroyjh at gmail.com (Keith Goggin)
Date: Wed, 28 Oct 2020 17:25:26 +1100
Subject: [clug] Wireshark VOIP and Caller IP address
In-Reply-To: <0328457a-4aa9-fcd1-6b3e-599e72974205@ghostgun.com>
References: <22168b11-4afe-dfac-287a-62667e39075f@gmail.com> <0328457a-4aa9-fcd1-6b3e-599e72974205@ghostgun.com>
Message-ID:

On 28/10/20 4:23 pm, jm via linux wrote:
> I've been getting a few spam/con calls on the landline at home. I
> suspect they are using PoP (Points of Presence) to dial out of in
> Australia. This may explain why the calls are coming from your provider
> as the calls emerge in Australia at one of these PoPs and are then
> routed over the PSTN which in the case of your provider gets converted
> back to a VoIP call. This would explain what you describe. There could
> be other explanations which someone else may be able to provide.
>
> A random thought on another direction of attacking the problem: Is there
> any chance you could proxy (or otherwise intercept) SIP for the call up
> then block the call based on a blacklist of known numbers?
>
> Jeff.
>
> On 28/10/20 16:00, Keith Goggin via linux wrote:
>> Due to increased occurrence of Unsolicited VOIP calls I've been
>> motivated to try to track the callers IP address and block them.
>>
>> I have a Gigaset VOIP Phone connected to a Mikrotik router connected
>> to a 4G modem/router.
>>
>> Using the Mikrotik Packet Sniffer tool I can collect call data and
>> pass it to Wireshark for examination.
>>
>> I was expecting calls to be set up (dialed) via my VOIP provider, but
>> once established (answered) on going traffic would be directly between
>> the caller ip and the receiver ip addresses.
>>
>> This doesn't seem to be the case as I collected call data from a
>> friend and the UDP packets source address was that of my providers
>> server not the callers address.
>>
>> In principle this should be straight forward even for dummies like, me
>> alas not so.
>>
>> Can anyone offer a good reference text for beginners.
>>
>> Thanks
>>
>>
>>
>
Thanks Jeff, yes this is my fall back position but I thought it would be nice to strike the source! Nah just melodramatic nonsense on my part.
>
>

From lroyjh at gmail.com Wed Oct 28 06:32:45 2020
From: lroyjh at gmail.com (Keith Goggin)
Date: Wed, 28 Oct 2020 17:32:45 +1100
Subject: [clug] Wireshark VOIP and Caller IP address
In-Reply-To:
References: <22168b11-4afe-dfac-287a-62667e39075f@gmail.com>
Message-ID: <6d541fda-4865-5ea9-5aaf-04f66b081785@gmail.com>

Thanks Stephen, yes someone else mentioned the spammers inability to 'press the # key'. My luck would be having bought a new phone the spammers would upgrade their equipment to defeat me.

On 28/10/20 5:21 pm, Stephen Hocking via linux wrote:
> I fixed the problem by buying a Telstra Call Guardian phone. It does
> whitelisting & blacklisting, and if it doesn't recognise a number, it
> asks the person to say their name and then press the '#' key. The
> scammers don't have a phone number pad in front of them, only a
> computer to take care of your details.
> This means they can't press the
> '#' key that will send the appropriate signal down the phone line. I
> haven't had the phone ring with a scammer since I got it.
>
> On Wed, 28 Oct 2020 at 16:39, Bob Edwards via linux
> wrote:
>> On 28/10/20 4:00 pm, Keith Goggin via linux wrote:
>>> Due to increased occurrence of Unsolicited VOIP calls I've been
>>> motivated to try to track the callers IP address and block them.
>>>
>>> I have a Gigaset VOIP Phone connected to a Mikrotik router connected to
>>> a 4G modem/router.
>>>
>>> Using the Mikrotik Packet Sniffer tool I can collect call data and
>>> pass it to Wireshark for examination.
>>>
>>> I was expecting calls to be set up (dialed) via my VOIP provider, but
>>> once established (answered) on going traffic would be directly between
>>> the caller ip and the receiver ip addresses.
>>>
>>> This doesn't seem to be the case as I collected call data from a friend
>>> and the UDP packets source address was that of my providers server not
>>> the callers address.
>>>
>>> In principle this should be straight forward even for dummies like, me
>>> alas not so.
>>>
>>> Can anyone offer a good reference text for beginners.
>>>
>>> Thanks
>>>
>>>
>>>
>> Hi Keith,
>>
>> I guess there is no one "VOIP" protocol - some are point-to-point (as
>> you expected) but others are via various gateways and service-provider
>> servers. Even protocols that could be point-to-point can still be
>> routed via a gateway.
>>
>> Can you tell us which VOIP protocol you are using?
>>
>> Wikipedia (and the "external links" at the bottom of almost all
>> articles) is my reference book for most things...
>>
>> cheers,
>> Bob Edwards.
>>
>> --
>> linux mailing list
>> linux at lists.samba.org
>> https://lists.samba.org/mailman/listinfo/linux
>
>

From lroyjh at gmail.com Wed Oct 28 07:44:42 2020
From: lroyjh at gmail.com (Keith Goggin)
Date: Wed, 28 Oct 2020 18:44:42 +1100
Subject: [clug] Wireshark VOIP and Caller IP address
In-Reply-To:
References: <22168b11-4afe-dfac-287a-62667e39075f@gmail.com>
Message-ID:

Thanks all,

Just spoke to my voip provider, he said his upstream do not pass on the real ip address of the caller and suggested the equipment mentioned by Stephen. Which will be effective until the spammers find a way around that. I'm inclined to black list the claimed source address but does anyone know of a published black list for Australia?

Thanks

From lroyjh at gmail.com Wed Oct 28 07:49:15 2020
From: lroyjh at gmail.com (Keith Goggin)
Date: Wed, 28 Oct 2020 18:49:15 +1100
Subject: [clug] Wireshark VOIP and Caller IP address
In-Reply-To:
References: <22168b11-4afe-dfac-287a-62667e39075f@gmail.com>
Message-ID: <40d1b210-cc50-e2eb-4dfb-6a1760da276f@gmail.com>

CORRECTION:

Thanks all,

Just spoke to my voip provider, he said his upstream do not pass on the real ip address of the caller and suggested the equipment mentioned by Stephen. Which will be effective until the spammers find a way around that. I'm inclined to black list the claimed caller phone number but does anyone know of a published black list for Australia?

Thanks

From kim.holburn at gmail.com Wed Oct 28 08:00:56 2020
From: kim.holburn at gmail.com (Kim Holburn)
Date: Wed, 28 Oct 2020 19:00:56 +1100
Subject: [clug] Wireshark VOIP and Caller IP address
In-Reply-To: <22168b11-4afe-dfac-287a-62667e39075f@gmail.com>
References: <22168b11-4afe-dfac-287a-62667e39075f@gmail.com>
Message-ID:

There are several problems with VOIP/SIP. One is that most VOIP/SIP protocols pass the IP numbers in the data part of the packets. Two is there are sometimes several streams most often of UDP packets. It is a really exasperating protocol suite.
It is quite hard to work this out with wireshark. Three is that if both parties are behind a NAT firewall, they can't talk directly anyway.

The only real way is to use a VOIP session border controller which is expensive. Barring that you could set up a small asterisk server which could do it but is expensive in time and patience to set up.

How much is the Telstra device?

I have this problem with my VOIP "landline". I generally pick the phone up and listen. If its spam they generally hang up. I am at the point of giving up the landline altogether.

On 2020/10/28 4:00 pm, Keith Goggin via linux wrote:
> Due to increased occurrence of Unsolicited VOIP calls I've been motivated to try to track the callers IP address and block them.
>
> I have a Gigaset VOIP Phone connected to a Mikrotik router connected to a 4G modem/router.
>
> Using the Mikrotik Packet Sniffer tool I can collect call data and pass it to Wireshark for examination.
>
> I was expecting calls to be set up (dialed) via my VOIP provider, but once established (answered) on going traffic would be directly
> between the caller ip and the receiver ip addresses.
>
> This doesn't seem to be the case as I collected call data from a friend and the UDP packets source address was that of my providers
> server not the callers address.
>
> In principle this should be straight forward even for dummies like, me alas not so.
>
> Can anyone offer a good reference text for beginners.
>
> Thanks
>
>
>

--
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408 M: +61 404072753
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request

From cottrill.david at gmail.com Wed Oct 28 08:47:34 2020
From: cottrill.david at gmail.com (David C)
Date: Wed, 28 Oct 2020 19:47:34 +1100
Subject: [clug] Wireshark VOIP and Caller IP address
In-Reply-To:
References: <22168b11-4afe-dfac-287a-62667e39075f@gmail.com>
Message-ID:

There is a bunch of ways of making this go away using Asterisk.
It's possible the spam calls are preferable to making Asterisk work the way you think it should.

On Wed, 28 Oct 2020, 7:01 pm Kim Holburn via linux, wrote:

> There are several problems with VOIP/SIP. One is that most VOIP/SIP
> protocols pass the IP numbers in the data part of the packets.
> Two is there are sometimes several streams most often of UDP packets. It
> is a really exasperating protocol suite. It is quite hard
> to work this out with wireshark. Three is that if both parties are behind
> a NAT firewall, they can't talk directly anyway.
>
> The only real way is to use a VOIP session border controller which is
> expensive. Barring that you could set up a small asterisk
> server which could do it but is expensive in time and patience to set up.
>
> How much is the Telstra device?
>
> I have this problem with my VOIP "landline". I generally pick the phone
> up and listen. If its spam they generally hang up. I am
> at the point of giving up the landline altogether.
>
> On 2020/10/28 4:00 pm, Keith Goggin via linux wrote:
> > Due to increased occurrence of Unsolicited VOIP calls I've been
> motivated to try to track the callers IP address and block them.
> >
> > I have a Gigaset VOIP Phone connected to a Mikrotik router connected to
> a 4G modem/router.
> >
> > Using the Mikrotik Packet Sniffer tool I can collect call data and
> pass it to Wireshark for examination.
> >
> > I was expecting calls to be set up (dialed) via my VOIP provider, but
> once established (answered) on going traffic would be directly
> > between the caller ip and the receiver ip addresses.
> >
> > This doesn't seem to be the case as I collected call data from a friend
> and the UDP packets source address was that of my providers
> > server not the callers address.
> >
> > In principle this should be straight forward even for dummies like, me
> alas not so.
> >
> > Can anyone offer a good reference text for beginners.
> >
> > Thanks
> >
> >
> >
>
> --
> Kim Holburn
> IT Network & Security Consultant
> T: +61 2 61402408 M: +61 404072753
> mailto:kim at holburn.net aim://kimholburn
> skype://kholburn - PGP Public Key on request
>
>
> --
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux
>

From lroyjh at gmail.com Wed Oct 28 08:57:11 2020
From: lroyjh at gmail.com (Keith Goggin)
Date: Wed, 28 Oct 2020 19:57:11 +1100
Subject: [clug] Wireshark VOIP and Caller IP address
In-Reply-To:
References: <22168b11-4afe-dfac-287a-62667e39075f@gmail.com>
Message-ID: <66386f1c-d377-f6e9-52d5-c619d422108d@gmail.com>

Thanks Kim, I can see all packet data and I would have thought they must pass the real source IP address buried in the packet some where. But it would have to follow a known format. If that is the case I could learn to use Wireshark packet filters to show the address. As for the Telstra 'call guardian' phone I'll google for that.

On 28/10/20 7:00 pm, Kim Holburn via linux wrote:
> There are several problems with VOIP/SIP. One is that most VOIP/SIP
> protocols pass the IP numbers in the data part of the packets. Two is
> there are sometimes several streams most often of UDP packets. It is a
> really exasperating protocol suite. It is quite hard to work this out
> with wireshark. Three is that if both parties are behind a NAT
> firewall, they can't talk directly anyway.
>
> The only real way is to use a VOIP session border controller which is
> expensive. Barring that you could set up a small asterisk server
> which could do it but is expensive in time and patience to set up.
>
> How much is the Telstra device?
>
> I have this problem with my VOIP "landline". I generally pick the
> phone up and listen. If its spam they generally hang up. I am at the
> point of giving up the landline altogether.
>
> On 2020/10/28 4:00 pm, Keith Goggin via linux wrote:
>> Due to increased occurrence of Unsolicited VOIP calls I've been
>> motivated to try to track the callers IP address and block them.
>>
>> I have a Gigaset VOIP Phone connected to a Mikrotik router connected
>> to a 4G modem/router.
>>
>> Using the Mikrotik Packet Sniffer tool I can collect call data and
>> pass it to Wireshark for examination.
>>
>> I was expecting calls to be set up (dialed) via my VOIP provider, but
>> once established (answered) on going traffic would be directly
>> between the caller ip and the receiver ip addresses.
>>
>> This doesn't seem to be the case as I collected call data from a
>> friend and the UDP packets source address was that of my providers
>> server not the callers address.
>>
>> In principle this should be straight forward even for dummies like,
>> me alas not so.
>>
>> Can anyone offer a good reference text for beginners.
>>
>> Thanks
>>
>>
>>
>

From lroyjh at gmail.com Wed Oct 28 09:04:56 2020
From: lroyjh at gmail.com (Keith Goggin)
Date: Wed, 28 Oct 2020 20:04:56 +1100
Subject: [clug] Wireshark VOIP and Caller IP address
In-Reply-To:
References: <22168b11-4afe-dfac-287a-62667e39075f@gmail.com>
Message-ID: <8685261b-e1b2-9326-7f21-5143ba13ada0@gmail.com>

Thanks Kim, I can see all packet data and I would have thought they must pass the real source IP address buried in the packet some where. But it would have to follow a known format. If that is the case I could learn to use Wireshark packet filters to show the address. As for the Telstra 'call guardian' phone I'll google for that.

https://crowdsupport.telstra.com.au/t5/announcements/telstra-call-guardian-301-never-answer-a-nuisance-call-again/ba-p/465103

and the cost about $50 on ebay.

On 28/10/20 7:00 pm, Kim Holburn via linux wrote:
> There are several problems with VOIP/SIP. One is that most VOIP/SIP
> protocols pass the IP numbers in the data part of the packets.
> Two is
> there are sometimes several streams most often of UDP packets. It is a
> really exasperating protocol suite. It is quite hard to work this out
> with wireshark. Three is that if both parties are behind a NAT
> firewall, they can't talk directly anyway.
>
> The only real way is to use a VOIP session border controller which is
> expensive. Barring that you could set up a small asterisk server
> which could do it but is expensive in time and patience to set up.
>
> How much is the Telstra device?
>
> I have this problem with my VOIP "landline". I generally pick the
> phone up and listen. If its spam they generally hang up. I am at the
> point of giving up the landline altogether.
>
> On 2020/10/28 4:00 pm, Keith Goggin via linux wrote:
>> Due to increased occurrence of Unsolicited VOIP calls I've been
>> motivated to try to track the callers IP address and block them.
>>
>> I have a Gigaset VOIP Phone connected to a Mikrotik router connected
>> to a 4G modem/router.
>>
>> Using the Mikrotik Packet Sniffer tool I can collect call data and
>> pass it to Wireshark for examination.
>>
>> I was expecting calls to be set up (dialed) via my VOIP provider, but
>> once established (answered) on going traffic would be directly
>> between the caller ip and the receiver ip addresses.
>>
>> This doesn't seem to be the case as I collected call data from a
>> friend and the UDP packets source address was that of my providers
>> server not the callers address.
>>
>> In principle this should be straight forward even for dummies like,
>> me alas not so.
>>
>> Can anyone offer a good reference text for beginners.
>>
>> Thanks
>>
>>
>>
>
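
The thread's two findings (SIP carries addresses in a known text format inside the packet, and a relaying provider leaves only the claimed caller number to block on) can be checked against a captured INVITE as below. This is an added example, not code from any poster: the INVITE is constructed, with documentation-range addresses and a fictional number, and `triage`, `provider_hosts` and `blocklist` are hypothetical names.

```python
import re

# Constructed INVITE as a handset behind a provider might receive it.
# Addresses are documentation ranges; the caller number is fictional.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:handset@192.0.2.10:5060 SIP/2.0",
    "Via: SIP/2.0/UDP 203.0.113.5:5060;branch=z9hG4bK776asdhds",
    'From: "0491570156" <sip:0491570156@203.0.113.5>;tag=1928301774',
    "To: <sip:handset@203.0.113.5>",
    "Call-ID: a84b4c76e66710@203.0.113.5",
    "CSeq: 314159 INVITE",
    "Contact: <sip:0491570156@203.0.113.5:5060>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=- 2890844526 2890844526 IN IP4 203.0.113.5",
    "s=-",
    "c=IN IP4 203.0.113.5",
    "t=0 0",
    "m=audio 18432 RTP/AVP 8 0",
    "",
])

# SIP compact header names (RFC 3261) mapped to their long forms.
COMPACT = {"v": "via", "f": "from", "t": "to", "m": "contact", "i": "call-id"}
URI_HOST = re.compile(r"sips?:(?:[^@>;]*@)?([^:;>\s]+)")
URI_USER = re.compile(r"sips?:([^@>;]+)@")


def parse_sip(raw):
    """Return (headers, sdp_lines); header names lowercased, compact forms expanded."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        name = name.strip().lower()
        headers.setdefault(COMPACT.get(name, name), []).append(value.strip())
    return headers, [ln for ln in body.split("\r\n") if ln]


def signalled_hosts(headers, sdp):
    """Every host the sender put in Via, From, Contact and the SDP o=/c= lines."""
    hosts = set()
    for via in headers.get("via", []):
        # "SIP/2.0/UDP host[:port];params" -> host
        hosts.add(via.split()[1].split(";")[0].split(":")[0])
    for name in ("from", "contact"):
        for value in headers.get(name, []):
            hosts.update(URI_HOST.findall(value))
    for ln in sdp:
        if ln.startswith(("c=", "o=")):
            hosts.add(ln.split()[-1])            # address is the last field
    return hosts


def media_endpoint(sdp):
    """(address, port) the audio (RTP over UDP) is to be sent to."""
    addr = next((ln.split()[-1] for ln in sdp if ln.startswith("c=")), None)
    port = next((int(ln.split()[1]) for ln in sdp if ln.startswith("m=audio")), None)
    return addr, port


def normalise(number):
    """Assumed policy: digits only, +61 form folded to a leading 0."""
    digits = re.sub(r"\D", "", number)
    if len(digits) == 11 and digits.startswith("61"):
        digits = "0" + digits[2:]
    return digits


def triage(raw, provider_hosts, blocklist):
    headers, sdp = parse_sip(raw)
    user = URI_USER.search(headers.get("from", [""])[0])
    caller = normalise(user.group(1)) if user else ""   # claimed, not verified
    hosts = signalled_hosts(headers, sdp)
    return {
        "caller": caller,
        "blocked": caller in blocklist,
        "addresses": sorted(hosts),
        "non_provider_addresses": sorted(hosts - set(provider_hosts)),
        "media": media_endpoint(sdp),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_INVITE, {"203.0.113.5"}, {"0491570156"}))
```

An empty `non_provider_addresses` is the situation Keith's provider described: every address in the signalling and the media description belongs to the relay.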