Академический Документы
Профессиональный Документы
Культура Документы
1. Open Wireshark and under the Capture menu select Capture Filters...
2. Ensure that we are capturing data using the actual physical network card and
not one associated with any virtual machines. Ensure Enable promiscuous
mode on all interfaces is checked and then click on Start
We are now listening to all Network Communications on the network card, well
know this is the case as the window below fills with captured packets.
5. You then need to find a packet from the many you have captured which has
been sent from one IP phone to the other. Last week the assigned IP
addresses to the phones were 192.168.1.2 and 192.168.1.3 however these
may have changed. You can check an IP phones address by using the
phones menu.
6. Once you have found a suitable UDP packet sent between both IP phones
right click on it and select Decode As...
7. Currently our UDP packet has not been decoded into any other format but if
we click on the drop-down list in the Current column we can choose to
decode the packet as an RTP Packet. After selecting RTP from the dropdown list click OK.
8. Now Wireshark views our packet as an RTP packet (evidence of this is in the
example below as the bottom packet has changed to an RTP Packet). With
that the case go into the Telephony menu and under RTP select Stream
Analysis.
9. The Stream Analysis dialogue box opens from here select Play Streams
10. Finally pressing the Play button here will play back your likely inappropriate,
captured conversation.
DONE!
Questions to consider....
1. In this exercise we were capturing Packets as opposed to Frames using
Wireshark. How do we know thats the case?
2. Eavesdropping on the network here contravenes which law(s), if any?
3. What basic levels of security could we introduce to prevent this from
happening?