
Testing

Packet Capture using Wireshark

Select appropriate network interface


(the active interface, the one that sends and receives traffic)

Start Packet Capture

When capturing from a machine which is neither the caller nor the callee:

Make sure to check “Capture packets in promiscuous mode”

Screen during an ongoing packet capture

To gather data or decode VoIP calls:

Select “Show All Streams”

Select RTP stream(s) to analyze or decode

Click “Analyze”

Call Network Statistics: Delay, Jitter, Packet Loss

Click “Player” to listen to captured stream

Listening to Captured Packets:

Click Decoded Stream

Click Decode

Click “Play”

Server Stress Testing using SIPP

Enter “cd /pentest/voip/sip” at the terminal to be able to use SIPP

At the Server:
Add these lines to the extensions.conf file (at /etc/asterisk):
[sipp]
exten => 2005,1,Answer
exten => 2005,2,SetMusicOnHold(default)
exten => 2005,3,WaitMusicOnHold(20)
exten => 2005,4,Hangup

Add these lines to the sip.conf file (at /etc/asterisk):

[sipp]
type=friend
context=sipp
host=dynamic
port=6000
user=sipp
canreinvite=no
disallow=all
allow=ulaw

Reload Asterisk

./sipp -sn uac -d 20000 -s 2005 192.168.1.100 -l 30

-l 30: simultaneous calls limit, 30 calls
-d 20000: call duration (in milliseconds), 20000ms = 20s
192.168.1.100: remote server’s IP address

http://www.voipphreak.ca/2007/04/17/using-sipp-to-stress-test-your-asterisk-14-pbx-system/

Limit at 30 Calls

No noticeable change in CPU time for Asterisk!

Limit at 300 calls

Asterisk CPU time at 41.5% (varying from time to time)

Limit at 1,000 calls

Asterisk CPU time at 176.2% (varying from time to time)

Extension Enumeration & Password Cracking using SIPvicious

Extension Enumeration

Command:
./svwar.py -e0000-9999 192.168.1.100

-e0000-9999: range of extension numbers to check
192.168.1.100: server’s IP address

http://www.backtrack-linux.org/wiki/index.php/Pentesting_VOIP

Result:
All user extensions were found!!

Password Cracking

Command:
./svcrack.py -u6006 -r0000-9999 192.168.1.100

-u6006: user extension to crack password
-r0000-9999: range of passwords to try (numeric only)
192.168.1.100: server’s IP address

http://www.backtrack-linux.org/wiki/index.php/Pentesting_VOIP

Result:

Notes:
• Wireshark can only decode unencrypted RTP packets. Choose soft phones that support sRTP or zRTP if you want your calls to be encrypted, but make sure that the Asterisk version you are using supports sRTP or zRTP.
• Use alphanumeric passwords. SIPvicious can only crack numeric passwords.
• Normally you would not be able to sniff out packets if end devices are connected to a switch. The easiest way to test call networking requirements would be by running Wireshark on one of the machines which are taking part in the call. You could use a third machine to sniff out packets. The easiest way to do that is by connecting the third machine (the one sniffing) and one of the two machines taking part in a call to a hub. Afterwards, connect the hub to the switch. Just make sure that your third machine’s NIC can switch to promiscuous mode so that it can receive packets not destined for itself.
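
On the server side, the extension enumeration and password cracking runs shown earlier both appear as bursts of rejected registrations in the Asterisk log. The following Python is an added example, not part of the original slides or of SIPVicious; the chan_sip log line format, the thresholds and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed chan_sip NOTICE format for a rejected REGISTER; adjust for your version.
FAILED = re.compile(
    r"Registration from '(?:\"[^\"]*\" ?)?<sip:(?P<ext>[^@>]+)@[^>]*>' "
    r"failed for '(?P<src>[\d.]+)(?::\d+)?' - (?P<reason>.+)$"
)

def analyze(lines, enum_threshold=5, crack_threshold=5):
    """Return (enumerators, crackers); both thresholds are assumed values."""
    unknown = defaultdict(set)    # source IP -> unknown extensions it probed
    wrong_pw = defaultdict(int)   # (source IP, extension) -> bad passwords
    for line in lines:
        m = FAILED.search(line.strip())
        if not m:
            continue              # unrelated log line
        src, ext, reason = m["src"], m["ext"], m["reason"]
        if "No matching peer" in reason:
            unknown[src].add(ext)
        elif "Wrong password" in reason:
            wrong_pw[(src, ext)] += 1
    enumerators = {s: len(e) for s, e in unknown.items()
                   if len(e) >= enum_threshold}
    crackers = {k: n for k, n in wrong_pw.items() if n >= crack_threshold}
    return enumerators, crackers

def sample_log():
    """Constructed lines: a scanner, a password guesser and one user typo."""
    tmpl = ("[2012-01-01 10:00:00] NOTICE[1234] chan_sip.c: Registration from "
            "'\"{ext}\" <sip:{ext}@192.168.1.100>' failed for '{src}' - {why}")
    lines = [tmpl.format(ext=str(1000 + i), src="192.168.1.50",
                         why="No matching peer found") for i in range(10)]
    lines += [tmpl.format(ext="6006", src="192.168.1.51",
                          why="Wrong password")] * 8
    lines.append(tmpl.format(ext="6001", src="192.168.1.60",
                             why="Wrong password"))
    lines.append("[2012-01-01 10:00:00] VERBOSE[1234] logger.c: unrelated line")
    return lines

if __name__ == "__main__":
    scanners, guessers = analyze(sample_log())
    for src, count in scanners.items():
        print(f"{src}: probed {count} unknown extensions (enumeration)")
    for (src, ext), count in guessers.items():
        print(f"{src}: {count} wrong passwords for extension {ext} (cracking)")
```

The single mistyped password from 192.168.1.60 stays below the threshold and is not reported.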
