[clug] Wireshark VOIP and Caller IP address

[Keith Goggin]

On 28/10/20 4:23 pm, Bob Edwards via linux wrote:
> On 28/10/20 4:00 pm, Keith Goggin via linux wrote:
>> Due to increased occurrence of Unsolicited VOIP calls I've been 
>> motivated to try to track the callers IP address and block them.
>>
>> I have a Gigaset VOIP Phone connected to a Mikrotik router connected 
>> to a 4G modem/router.
>>
>>   Using the Mikrotik Packet Sniffer tool I can collect call data and 
>> pass it to Wireshark for examination.
>>
>> I was expecting calls to be set up (dialed) via my VOIP provider, but 
>> once established (answered) on going traffic would be directly 
>> between the caller ip and the receiver ip addresses.
>>
>> This doesn't seem to be the case as I collected call data from a 
>> friend and the UDP packets source address was that of my providers 
>> server not the callers address.
>>
>> In principle this should be straight forward even for dummies like, 
>> me alas not so.
>>
>> Can anyone offer a good reference text for beginners.
>>
>> Thanks
>>
>>
>>
>
> Hi Keith,
>
> I guess there is no one "VOIP" protocol - some are point-to-point (as
> you expected) but others are via various gateways and service-provider
> servers. Even protocols that could be point-to-point can still be
> routed via a gateway.
>
> Can you tell us which VOIP protocol you are using?
>
> Wikipedia (and the "external links" at the bottom of almost all
> articles) is my reference book for most things...
>
> cheers,
> Bob Edwards. Thanks Bob,

Thanks Bob,

It seems you are right, but my reading so far has been use TCP to 
establish the call, the provider acting as the exchange with a lookup 
table of phone numbers to ip-addresses, then once answered peer to peer 
using UDP.

I will ask my VOIP provider, since the owner is also tech support.

I'm sure a lot of people would like to fix this common annoyance.