[clug] Wireshark VOIP and Caller IP address

Keith Goggin lroyjh at gmail.com
Wed Oct 28 08:57:11 UTC 2020


Thanks Kim,

I can see all packet data and I would have thought they must pass the 
real source IP address buried in the packet somewhere. But it would 
have to follow a known format. If that is the case I could learn to use 
Wireshark packet filters to show the address.

As for the Telstra 'call guardian' phone I'll google for that.

On 28/10/20 7:00 pm, Kim Holburn via linux wrote:
> There are several problems with VOIP/SIP.  One is that most VOIP/SIP 
> protocols pass the IP numbers in the data part of the packets. Two is 
> there are sometimes several streams most often of UDP packets. It is a 
> really exasperating protocol suite.  It is quite hard to work this out 
> with wireshark.  Three is that if both parties are behind a NAT 
> firewall, they can't talk directly anyway.
>
> The only real way is to use a VOIP session border controller which is 
> expensive.  Barring that you could set up a small asterisk server 
> which could do it but is expensive in time and patience to set up.
>
> How much is the Telstra device?
>
> I have this problem with my VOIP "landline".  I generally pick the 
> phone up and listen.  If it's spam they generally hang up.  I am at the 
> point of giving up the landline altogether.
>
> On 2020/10/28 4:00 pm, Keith Goggin via linux wrote:
>> Due to increased occurrence of Unsolicited VOIP calls I've been 
>> motivated to try to track the caller's IP address and block them.
>>
>> I have a Gigaset VOIP Phone connected to a Mikrotik router connected 
>> to a 4G modem/router.
>>
>>   Using the Mikrotik Packet Sniffer tool I can collect call data and 
>> pass it to Wireshark for examination.
>>
>> I was expecting calls to be set up (dialed) via my VOIP provider, but 
>> once established (answered) ongoing traffic would be directly 
>> between the caller ip and the receiver ip addresses.
>>
>> This doesn't seem to be the case as I collected call data from a 
>> friend and the UDP packets' source address was that of my provider's 
>> server, not the caller's address.
>>
>> In principle this should be straightforward even for dummies like 
>> me, alas not so.
>>
>> Can anyone offer a good reference text for beginners?
>>
>> Thanks
>>
>>
>>
>
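
As an added example (not part of either post): SIP signalling is plain text, so the addresses carried "in the data part" sit in the Via and Contact headers and in the SDP `o=` and `c=` lines. The sketch below lists them from a constructed INVITE that uses RFC 5737 documentation addresses; the function name and sample are assumptions, and a provider that relays the call can rewrite all of these fields to its own addresses.

```python
import re

# Constructed sample INVITE (RFC 5737 documentation addresses), not captured traffic.
SAMPLE_INVITE = (
    "INVITE sip:keith@192.0.2.10:5060 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 203.0.113.5:5060;branch=z9hG4bKprov1\r\n"
    "Via: SIP/2.0/UDP 10.0.0.7:5060;branch=z9hG4bKorig;received=198.51.100.23\r\n"
    "From: <sip:caller@example.net>;tag=1\r\n"
    "To: <sip:keith@example.org>\r\n"
    "Contact: <sip:caller@198.51.100.23:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 1 1 IN IP4 198.51.100.23\r\n"
    "c=IN IP4 198.51.100.23\r\n"
    "m=audio 40000 RTP/AVP 8\r\n"
)

IPV4 = r"((?:\d{1,3}\.){3}\d{1,3})"


def sip_addresses(message):
    """Return (field, IPv4) pairs from the SIP headers and SDP body, in order."""
    head, _, body = message.partition("\r\n\r\n")
    found = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        name = name.strip().lower()
        if name in ("via", "v"):  # "v" is the compact header form
            # sent-by: the address each hop wrote about itself
            sent_by = re.search(r"SIP/2\.0/\w+\s+" + IPV4, value)
            if sent_by:
                found.append(("via.sent-by", sent_by.group(1)))
            # received: source address the next hop actually saw
            received = re.search(r";received=" + IPV4, value)
            if received:
                found.append(("via.received", received.group(1)))
        elif name in ("contact", "m"):
            contact = re.search(r"@" + IPV4, value)
            if contact:
                found.append(("contact", contact.group(1)))
    for line in body.split("\r\n"):
        sdp = re.match(r"([oc])=.*IN IP4 " + IPV4, line)
        if sdp:  # o= session origin, c= where RTP media should be sent
            found.append(("sdp." + sdp.group(1), sdp.group(2)))
    return found


if __name__ == "__main__":
    for field, addr in sip_addresses(SAMPLE_INVITE):
        print(f"{field:12} {addr}")
```
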

