I was thinking of setting up VOIP this year for the home office. Perfect timing! This should be very fun to mess around with in the lab! Thank you very much for the informative video!
Wireshark should definitely match rtp streams whenever it notices pairs like that. The window is already found under "telephony", it's not a stretch to presume auto-highlighting pairs of streams would be useful lol
Hi,sir . I’ve get two tiny questions. Is the SBC in my window pc primarily or I should download one? And sir you click the “telephony-RTP-RTP Streams” to find the streams instead of using filter Protocol==RTP , how could understand “RTP”, is something in protocol or it is protocol itself?🤔️ Thanks so much ,
Would a capture of managed switch port mirror would work also, or would you just get one side of the data? A mirror of a port that one of the parties is connected to of course
Yes this would work if you mirror the actual access port connected to one of the PCs. If you mirror a port at the distribution or core layers you may miss one direction.
Wow, well done! Fantastic demonstration. In fact I can understand the conversation because that's my native language lol. Following the invitation at the end of your video, I had an issue a few weeks back and I captured the packets. The problem was at the other end but I'd like to understand who was sending a reset. How could I upload the pcap file? Long story short: we couldn't send emails just to a specific domain
Thank you Fabian! If you'd like to send in a file, you can do so here: www.dropbox.com/request/eB1ZFDicpOJ5nnft5eSp I would be happy to provide the analysis for free, with the condition that I can present the findings on the channel. Let me know!
Thank you @@plaintextpackets! I just uploaded the file. Unfortunately many packets are size limited because I didn't configure monitor capture properly on the switch. I hope it contains enough information
A few years ago I had to set up an analog fax over VoIP. I had trouble getting It working (turned out to be delay, echo and telephone port impedance). Is there a way that Wireshark can decode analog modulated data over VoIP like fax and modems?
@@plaintextpackets The ATA used was a Grandstream HT-801. Here in Germany a huge number of fax machines are still in service. Even after the landline and ISDN networks are almost completely phased out. Mostly the ISP provided routers have ATAs integrated, some even have S0 ports for ISDN like the Fritzbox 7590. These devices are mostly plug and play. That makes the use of telephones and fax machines pretty easy. And yes an analog piece of paper digitized by a fax machine which then modulates an analog audio signal into and ATA which converts it to digital VoIP sends it over the internet and then everything in reverse sounds stupid. But the fax system has some qualities that modern IT still lacks. When i debugged it I used Wireshark to export the audio from the RTP stream and used an obscure tool (forgot the name) to debug the fax handshake.
Yeah if you can get the RTP portion of it then you can at least see if it is a handshake problem. But if the analog piece has signal quality issues you won't necessarily see that
From the router: the router would either need to support packet capture via gui or a CLI tool like tcpdump. Some modern or small business routers have this capability, most enterprise ones do as well. If you’re somewhat advanced you can look up how to turn an old Linux box or a raspberry pi into a Linux network tap. That would allow you to capture the traffic by placing the tap between your router and PC. There are professional taps but they are $$$&.
RTP traffic is generally unencrypted within networks (companies, school campuses, etc). If exchanged over the internet or insecure networks vendors are likely to use encryption. WhatsApp uses its own proprietary protocol which is encrypted
Whatsapp is end-to-end encrypted from user a to user b. But in realty you can’t trust nobody . It’s a question about time. They stored NOW our data in hope that one day when the encrypt key ist locked up they can’t see what is written befor. All what we write and all what we say is in the end all zero and one . In the future when quantum computer encrypt from today some standard encrypt methods is it easy to go back and lock what is written befor.
@@karim6514Well, they claim to use it. They say they use the signal-protocol, but since Signal is Open source, they are free to temper with that as they wish
As shown in the video this only works if you are capturing from the PC where the call is taking place. If you want to sniff the traffic from another PC you need to do something like ARP poisoning
If the vpn client is installed on your PC then no they won’t be able to see the traffic. This is why you should use VPN when in public networks like airports or coffee shops
Please give me a example that a PC to PC call means which application they use for conversation and is there any dedicated device required to take the captured and later analysis using Wireshark.??
@@plaintextpackets is there any way to listen to them without touching or hacking the target phone? Because I'm in urgent need of that, (some family issues has to be solved with solid evidence) any way to crack the encryption?
@@rashidbinzaiyed7149you would need a setup to capture the data and depending if it's a 3/4/5g connection a good amount of time to brute force the encryption. It's doable but it takes time and if you are caught you will probably spend a few years in prison.
It could if your kids were using VoIP, but you would need to capture their traffic continuously and store it somewhere. We do it at the Enterprise level but it is costly.
I was thinking of setting up VOIP this year for the home office. Perfect timing! This should be very fun to mess around with in the lab! Thank you very much for the informative video!
You should!
Wireshark should definitely match rtp streams whenever it notices pairs like that. The window is already found under "telephony", it's not a stretch to presume auto-highlighting pairs of streams would be useful lol
Oh agreed 100%
Sick stuff, im subbing. You think you could do a Wireshark101 series? That would be very helpful.
I’m thinking about it! I’m getting better at the production stuff so makes it easier to fit in videos in my spare time
Incredible, thanks for the demo!
You’re welcome!
Thanks for the demonstration!
My pleasure!
This is gonna be fun!!!
Juan is still trying to find which one are they testing
Learnt something new today, thank you ❤
Amazing video sir 👍 support from India 😀
Thank you!
@@plaintextpackets big fan sir love from India 🇮🇳 😊❤❤❤
You are real pro...interesting
wow amazing example love your channel!!!!!!🎉🎉
Thanks!
Hi,sir . I’ve get two tiny questions.
Is the SBC in my window pc primarily or I should download one?
And sir you click the “telephony-RTP-RTP Streams”
to find the streams instead of using filter Protocol==RTP , how could understand “RTP”, is something in protocol or it is protocol itself?🤔️
Thanks so much
,
Would a capture of managed switch port mirror would work also, or would you just get one side of the data? A mirror of a port that one of the parties is connected to of course
Yes this would work if you mirror the actual access port connected to one of the PCs. If you mirror a port at the distribution or core layers you may miss one direction.
Wow, well done! Fantastic demonstration. In fact I can understand the conversation because that's my native language lol. Following the invitation at the end of your video, I had an issue a few weeks back and I captured the packets. The problem was at the other end but I'd like to understand who was sending a reset. How could I upload the pcap file? Long story short: we couldn't send emails just to a specific domain
Thank you Fabian! If you'd like to send in a file, you can do so here: www.dropbox.com/request/eB1ZFDicpOJ5nnft5eSp
I would be happy to provide the analysis for free, with the condition that I can present the findings on the channel. Let me know!
Thank you @@plaintextpackets! I just uploaded the file. Unfortunately many packets are size limited because I didn't configure monitor capture properly on the switch. I hope it contains enough information
No problem. Is there a specific conversation you’re focusing on (source Ip / destination Ip), timestamp or protocol?
@@plaintextpackets so sorry. I just realized I sent the unfiltered conversation. In a couple of minutes I will upload just the filtered packets
@fabiantoro7146 check out my latest video, I reviewed your problem!
please do you have a CCNA videos?
I did my CCNA years ago and would probably fail now 😅
Seriously cool bro
What types of call does this work with ?
WhatsApp is encrypted right ?
And so are normal calls (non wifi)
So what kind of calls does this work on ?
RTP is used by voip phones in large enterprises, schools, hospitals, etc
Ip phone only? Viber call?
Yes this will only work with ip phones using RTP
A few years ago I had to set up an analog fax over VoIP. I had trouble getting It working (turned out to be delay, echo and telephone port impedance). Is there a way that Wireshark can decode analog modulated data over VoIP like fax and modems?
That’s a good question, I believe you’d have to use like a VoIP converter to capture the traffic which would defeat the point
@@plaintextpackets The ATA used was a Grandstream HT-801.
Here in Germany a huge number of fax machines are still in service. Even after the landline and ISDN networks are almost completely phased out. Mostly the ISP provided routers have ATAs integrated, some even have S0 ports for ISDN like the Fritzbox 7590. These devices are mostly plug and play. That makes the use of telephones and fax machines pretty easy.
And yes an analog piece of paper digitized by a fax machine which then modulates an analog audio signal into and ATA which converts it to digital VoIP sends it over the internet and then everything in reverse sounds stupid. But the fax system has some qualities that modern IT still lacks.
When i debugged it I used Wireshark to export the audio from the RTP stream and used an obscure tool (forgot the name) to debug the fax handshake.
Yeah if you can get the RTP portion of it then you can at least see if it is a handshake problem. But if the analog piece has signal quality issues you won't necessarily see that
Do you have to be on the same network to listen?
You need to take a capture of the traffic, there are methods to do this like ARP poisoning which do require you to be on the same network
@@plaintextpackets can you also make a video on how to capture otp messages with Wireshark?
@@xDelmore I think your asking for a bit toooooo much, so just keep yapping and lieing. il listen,
Whats the best way to defend against this? SRTP, TLS?
Any sort of encrypted voice protocol. Many web-based voice apps are encrypted.
I connected mobile hotspot with pc and same hotspot connect with my device but not showing anything in RTP why
How do I intercept other user not necessary my own conversation , but communication with party in the same network with me
Do you have another channel where I can follow you? Discord, Reddit?
Discord! Check the description
How would you get wireshark to sniff the traffic of another device? In this case the router or middleman device?
From the router: the router would either need to support packet capture via gui or a CLI tool like tcpdump. Some modern or small business routers have this capability, most enterprise ones do as well.
If you’re somewhat advanced you can look up how to turn an old Linux box or a raspberry pi into a Linux network tap. That would allow you to capture the traffic by placing the tap between your router and PC. There are professional taps but they are $$$&.
is it not enceypted at all? what about whatsapp calls?
RTP traffic is generally unencrypted within networks (companies, school campuses, etc). If exchanged over the internet or insecure networks vendors are likely to use encryption. WhatsApp uses its own proprietary protocol which is encrypted
Whatsapp is end-to-end encrypted from user a to user b. But in realty you can’t trust nobody . It’s a question about time.
They stored NOW our data in hope that one day when the encrypt key ist locked up they can’t see what is written befor.
All what we write and all what we say is in the end all zero and one .
In the future when quantum computer encrypt from today some standard encrypt methods is it easy to go back and lock what is written befor.
I believe WhatsApp uses the same encryption as Signal
@@karim6514Well, they claim to use it. They say they use the signal-protocol, but since Signal is Open source, they are free to temper with that as they wish
But yes, it's end to end encrypted
How can we capture the same packet with our pc?
Without using any existing files can you please show it live,
That you are capturing RTP etc etc
I’ll post a video on this soon.
Does the device need to be connected to same network as the pc ?
As shown in the video this only works if you are capturing from the PC where the call is taking place. If you want to sniff the traffic from another PC you need to do something like ARP poisoning
@@plaintextpackets so I won't be able to hear any phone calls made on smartphones?
Nope
Really good video
Thanks!
Oh wow u just tap el chapo personal phone...damnnnn 😂
Wow. Thank you so much.. 👍
You are so welcome!
what kind of call is this?
Digital voice call using the RTP protocol
In order to determine if the target is using rtp we would type rtp in wireshark right
Yep you can use ‘rtp’ as your display filter
@@plaintextpackets would this work against the text now app how would we do that
00:53 I heard it as "and you should cease to exist💀"
Lool
How can I contact with you brother?
plaintextpackets@gmail.com
@@plaintextpackets you don't have telegram for easy contact brother?
No unfortunately I don't
@@plaintextpackets brother I have sent you message
skip to 4:27
Can a vpn app or other apps perform this since it is connected in ?
Can you restate the question?
@@plaintextpackets if i install a vpn application and since it is connected to my network can they do such things as you did in my network
If the vpn client is installed on your PC then no they won’t be able to see the traffic. This is why you should use VPN when in public networks like airports or coffee shops
Wow who designed your thumbnail?
Dall-E 😁
Ai
Ai
Thanks man. BTW you got a new sub! ♥
Thanks for the sub!
I want to try
Sure!
For educational purposes only wink wink
To be really good in networking and security you need to know how to break things
why when i open RTP streams its not showing anything?
You may not have RTP packets present in the capture.
@@plaintextpackets dose it work on whatsapp and Instagram voice calls?
Nope
I called with sip both side but not showing@@plaintextpackets
Im trying to set these up for companies.... All of the good ones to monitor calls for better customre service 😂😂
I’m new at wire shark so do you use wireshark
Thumbs Up
Please give me a example that a PC to PC call means which application they use for conversation and is there any dedicated device required to take the captured and later analysis using Wireshark.??
I will do a part 2 to this video
Can I listen to normal calls of mobile phones? Like Android to Android, iPhone to iPhone, Android to iPhone or telephone etc?
No, cellular voice calls from modern cellphones are all encrypted
@@plaintextpackets is there any way to listen to them without touching or hacking the target phone? Because I'm in urgent need of that, (some family issues has to be solved with solid evidence) any way to crack the encryption?
@@rashidbinzaiyed7149you would need a setup to capture the data and depending if it's a 3/4/5g connection a good amount of time to brute force the encryption. It's doable but it takes time and if you are caught you will probably spend a few years in prison.
@@rashidbinzaiyed7149 rashid XDD ofc indian guy rofl
cool videos more plz
Sure!
Can this be used as a method of parental controls?
It could if your kids were using VoIP, but you would need to capture their traffic continuously and store it somewhere. We do it at the Enterprise level but it is costly.
Cooool 🎉🎉🎉
wow
Do we need external hardware to capture?
No you can capture from Wireshark or tcpdump if you have access to the pc. I will make a video showing how in the near future
will wait for that video@@plaintextpackets
i know thats isp and even any intellgence can capture my phone call on any network or host ..
doesnt matter ...😐😐 😊
👀
u sound pretty similar to Technoblade.
Can we sniff volte packets too 😊
Would this work for discord?
Unfortunately no, Discord uses an encrypted audio codec: discord.com/developers/docs/topics/voice-connections
how bout you demonstrate not using AI for your thumbnails
I have no art skills!
Great vid. New sub, you have discord channel?
Thanks! No but good suggestion I’ll make one soon
discord.gg/QgAnHXke @MrXtahsee
shhhhhhhhhhhhet