[clug] Wireshark VOIP and Caller IP address

Kim Holburn kim.holburn at gmail.com
Wed Oct 28 08:00:56 UTC 2020


There are several problems with VOIP/SIP.  One is that most VOIP/SIP protocols pass the IP numbers in the data part of the packets. 
Two is there are sometimes several streams most often of UDP packets.  It is a really exasperating protocol suite.  It is quite hard 
to work this out with wireshark.  Three is that if both parties are behind a NAT firewall, they can't talk directly anyway.

The only real way is to use a VOIP session border controller which is expensive.  Barring that you could set up a small asterisk 
server which could do it but is expensive in time and patience to set up.

How much is the Telstra device?

I have this problem with my VOIP "landline".  I generally pick the phone up and listen.  If it's spam they generally hang up.  I am 
at the point of giving up the landline altogether.

On 2020/10/28 4:00 pm, Keith Goggin via linux wrote:
> Due to increased occurrence of unsolicited VOIP calls I've been motivated to try to track the caller's IP address and block them.
> 
> I have a Gigaset VOIP Phone connected to a Mikrotik router connected to a 4G modem/router.
> 
> Using the Mikrotik Packet Sniffer tool I can collect call data and pass it to Wireshark for examination.
> 
> I was expecting calls to be set up (dialed) via my VOIP provider, but once established (answered) ongoing traffic would be directly 
> between the caller ip and the receiver ip addresses.
> 
> This doesn't seem to be the case as I collected call data from a friend and the UDP packets' source address was that of my provider's 
> server, not the caller's address.
> 
> In principle this should be straightforward even for dummies like me, alas not so.
> 
> Can anyone offer a good reference text for beginners?
> 
> Thanks
> 
> 
> 

-- 
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408  M: +61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request
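
An added example, not part of the original message: a short Python sketch of where IPv4 addresses sit inside a SIP message and its SDP body, as opposed to the IP header that a capture filter sees. The sample INVITE is constructed, and the names `SAMPLE_INVITE` and `embedded_addresses` are hypothetical.

```python
import ipaddress
import re

# Constructed SIP INVITE + SDP (documentation and RFC 1918 addresses only).
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:keith@203.0.113.10:5060 SIP/2.0",
    "Via: SIP/2.0/UDP 198.51.100.5:5060;branch=z9hG4bKprov1",
    "Via: SIP/2.0/UDP 192.168.1.20:5060;branch=z9hG4bKcall1;received=192.0.2.77",
    "Call-ID: constructed-1@192.168.1.20",
    "Contact: <sip:caller@192.168.1.20:5060>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=- 1 1 IN IP4 198.51.100.5",
    "s=-",
    "c=IN IP4 198.51.100.5",
    "t=0 0",
    "m=audio 40000 RTP/AVP 8 0",
    "",
])

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
HEADER_PATTERNS = {  # header name -> [(label, regex with one address group)]
    "via": [("via", r"SIP/2\.0/\w+\s+" + IPV4),
            ("via-received", r";received=" + IPV4)],
    "contact": [("contact", r"@" + IPV4)],
}

def embedded_addresses(message):
    """List (field, address, is_rfc1918) for IPv4 addresses inside the payload."""
    head, _, body = message.partition("\r\n\r\n")
    found = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        for label, pattern in HEADER_PATTERNS.get(name.strip().lower(), []):
            m = re.search(pattern, value)
            if m:
                found.append((label, m.group(1)))
    for line in body.split("\r\n"):              # SDP origin and connection lines
        m = re.match(r"([oc])=.*\bIN IP4 " + IPV4, line)
        if m:
            found.append(("sdp-" + m.group(1), m.group(2)))
    return [(f, a, any(ipaddress.ip_address(a) in n for n in RFC1918))
            for f, a in found]

if __name__ == "__main__":
    for field, addr, private in embedded_addresses(SAMPLE_INVITE):
        print(f"{field:13} {addr:15} {'RFC 1918' if private else 'public'}")
```

In this constructed message the SDP `c=` line names the provider's address, so RTP flows to and from the provider, while the Via and Contact headers still carry a private address from behind the far-end NAT.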



