[clug] Wireshark VOIP and Caller IP address

Keith Goggin lroyjh at gmail.com
Wed Oct 28 06:25:26 UTC 2020


On 28/10/20 4:23 pm, jm via linux wrote:
> I've been getting a few spam/con calls on the landline at home. I
> suspect they are using PoP (Points of Presents) to dial out of in
> Australia. This may explain why the calls are coming from your provider
> as the calls emerge in Australia at one of these PoPs and are then
> routed over the PSTN which in the case of your provider gets converted
> back to a VoIP call. This would explain what you describe. There could
> be other explanations which someone else may be able to provide.
>
> A random thought on another direction of attacking the problem: Is there
> any chance you could proxy (or otherwise intercept) SIP for the call up
> then block the call based on a blacklist of known numbers?
>
> Jeff.
>
> On 28/10/20 16:00, Keith Goggin via linux wrote:
>> Due to increased occurrence of Unsolicited VOIP calls I've been
>> motivated to try to track the callers IP address and block them.
>>
>> I have a Gigaset VOIP Phone connected to a Mikrotik router connected
>> to a 4G modem/router.
>>
>>   Using the Mikrotik Packet Sniffer tool I can collect call data and
>> pass it to Wireshark for examination.
>>
>> I was expecting calls to be set up (dialed) via my VOIP provider, but
>> once established (answered) on going traffic would be directly between
>> the caller ip and the receiver ip addresses.
>>
>> This doesn't seem to be the case as I collected call data from a
>> friend and the UDP packets source address was that of my providers
>> server not the callers address.
>>
>> In principle this should be straight forward even for dummies like, me
>> alas not so.
>>
>> Can anyone offer a good reference text for beginners.
>>
>> Thanks
>>
>>
>>
> Thanks Jeff,

yes this is my fall back position but I thought it would be nice to 
strike the source!

Nah just melodramatic nonsense on my part.

>   
>



More information about the linux mailing list