Offensive Security Tool: VoIPmonitor Sniffer
Support our work or become a Patron and find exclusive video content available ONLY on Patreon showing you continuous techniques and methodologies in Offensive Security.
Reading Time: 3 Minutes
Offensive Security Tool: VoIPmonitor Sniffer
What is VoIPmonitor
VoIP can be sniffed throughout the network that is saved in pcap. It can be analyzed to discover and convert it accordingly into mp3 or other extension that lets you listen to it. VoIPmonitor by voipmonitor/sniffer is open source live network packet sniffer which analyze SIP and RTP protocol. It can run as daemon or analyzes already captured pcap files. For each detected VoIP call voipmonitor calculates statistics about loss, burstiness, latency and predicts MOS (Meaning Opinion Score) according to ITU-T G.107 E-model. These statistics are saved to MySQL database and each call is saved as pcap dump. Web PHP application (it is not part of open source sniffer) filters data from database and graphs latency and loss distribution. Voipmonitor also detects improperly terminated calls when BYE or OK was not seen. To accurately transform latency to loss packets, voipmonitor simulates fixed and adaptive jitterbuffer.
Key features
- Fast C++ SIP/RTP packet analyzer.
- Predicts MOS-LQE score according to ITU-T G.107 E-mode.
- Detailed delay/loss statistics stored to MySQL.
- Each call is saved as standalone pcap file.
- Call recorder.
Who is VoIPmonitor for
- Monitor and troubleshoot quality of SIP VoIP calls.
- Archive all calls including SIP, WebRTC, SKINNY RTP, SS7 over SCTP, T.38 and T.30 FAX (PDF) in CDR database.
- Decode and play calls directly from the GUI or show T.38 FAX as PDF.
- Anti fraud / watchdog rules to prevent fraudulent calls.
- Monitor call centers.
- Billing purpose.
- VoIPmonitor is proven industry leading solution used by the largest VoIP service carriers and call centers.
See Also: Critical Jira Flaw in Atlassian Could Lead to RCE
Decryption support
- SIP and RTP decryption.
- Supported protocols: SSLv3 TLS 1.0 1.1 1.2 1.3
- All cypher suits in openssl.
- All linux software using openssl (tested with Kamailio Opensips Freeswitch Asterisk SipXecs OpenUC).
- Proprietary SIP stacks using non DH cypher suits or DH cypher suits (wireshark session key log must be supported by vendor).
How VoIPmonitor scales?
- Unique VoIPmonitor architecture allows to analyse over 100 000 concurrent calls on a single server and more than 80 000 calls per second.
- Unique IO architecture allows to store pcap files for every single call (more than 100 000 concurrent calls) without a need for fast storage (unique internal voipmonitor storage format ensuring serial writes).
- Client – Server architecture allows horizontal scaling (adding more servers).
See Also: Offensive Security Tool: Veil
