[clug] Wireshark VOIP and Caller IP address

jm jeffm at ghostgun.com
Wed Oct 28 05:23:27 UTC 2020


I've been getting a few spam/con calls on the landline at home. I
suspect they are using PoPs (Points of Presence) to dial out of in
Australia. This may explain why the calls are coming from your provider
as the calls emerge in Australia at one of these PoPs and are then
routed over the PSTN which in the case of your provider gets converted
back to a VoIP call. This would explain what you describe. There could
be other explanations which someone else may be able to provide.

A random thought on another direction of attacking the problem: Is there
any chance you could proxy (or otherwise intercept) SIP for the call up
then block the call based on a blacklist of known numbers?

Jeff.

On 28/10/20 16:00, Keith Goggin via linux wrote:
> Due to increased occurrence of Unsolicited VOIP calls I've been
> motivated to try to track the caller's IP address and block them.
>
> I have a Gigaset VOIP Phone connected to a Mikrotik router connected
> to a 4G modem/router.
>
> Using the Mikrotik Packet Sniffer tool I can collect call data and
> pass it to Wireshark for examination.
>
> I was expecting calls to be set up (dialed) via my VOIP provider, but
> once established (answered) ongoing traffic would be directly between
> the caller IP and the receiver IP addresses.
>
> This doesn't seem to be the case as I collected call data from a
> friend and the UDP packets' source address was that of my provider's
> server, not the caller's address.
>
> In principle this should be straightforward even for dummies like me,
> alas not so.
>
> Can anyone offer a good reference text for beginners?
>
> Thanks
>
>
>
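
Added example, not part of the original thread: number-based filtering of an incoming SIP INVITE as suggested in the reply above, run on a constructed message. It also reads the SDP `c=`/`m=` lines, which name where the RTP audio will come from; when the provider relays media that is the provider's server, consistent with the capture described in the quoted message. The blocklist, phone numbers, host names and addresses are assumptions, and the From number is supplied by the calling side, so it can be forged.

```python
import re

# Constructed sample: an INVITE as a provider might deliver it to the handset.
# Addresses are from documentation ranges; the numbers are made up.
SAMPLE_INVITE = (
    "INVITE sip:0255550100@192.0.2.10:5060 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 203.0.113.5:5060;branch=z9hG4bK776asdhds\r\n"
    "From: \"0255550199\" <sip:0255550199@sip.provider.example>;tag=1928301774\r\n"
    "To: <sip:0255550100@sip.provider.example>\r\n"
    "Call-ID: a84b4c76e66710@203.0.113.5\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 2890844526 2890844526 IN IP4 203.0.113.5\r\n"
    "s=-\r\n"
    "c=IN IP4 203.0.113.5\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 8 0\r\n"
)

BLOCKLIST = {"0255550199"}  # hypothetical list of unwanted caller numbers


def parse_invite(raw):
    """Return caller number, signalling peer and RTP endpoint from an INVITE."""
    head, _, sdp = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), value.strip())
    caller = re.search(r"sips?:([^@;>]+)@", headers.get("from", ""))
    via = re.search(r"SIP/2\.0/\w+\s+([^;:\s]+)", headers.get("via", ""))
    conn = re.search(r"^c=IN IP4 (\S+)", sdp, re.M)   # media address
    audio = re.search(r"^m=audio (\d+)", sdp, re.M)   # media port
    return {
        "caller": caller.group(1) if caller else None,
        "signalling_peer": via.group(1) if via else None,
        "rtp_endpoint": (conn.group(1), int(audio.group(1))) if conn and audio else None,
    }


def decide(raw, blocklist=BLOCKLIST):
    """Return the action a filtering proxy would take, plus the parsed fields."""
    info = parse_invite(raw)
    action = "603 Decline" if info["caller"] in blocklist else "forward"
    return action, info
```

In the sample both the Via host and the SDP connection address are the provider's 203.0.113.5, so neither the signalling nor the audio exposes the original caller's IP address; only the presented number is available to filter on.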



