* [LARTC] how to classify sip traffic (voip)
@ 2005-07-26 13:02 Fabian Gervan
2005-07-26 13:29 ` Sylvain Bertrand
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: Fabian Gervan @ 2005-07-26 13:02 UTC (permalink / raw)
To: lartc
How i can classify sip traffic (voip)??
I try dst 5060 udp port, but dont'work. sip sesion use dynamic port.
Sniffing packets with windows net-peeker, I see that packets lenghts
is always‡
How i can filter, by packet lenght, with u32?
Regards
Fabian
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [LARTC] how to classify sip traffic (voip)
2005-07-26 13:02 [LARTC] how to classify sip traffic (voip) Fabian Gervan
@ 2005-07-26 13:29 ` Sylvain Bertrand
2005-07-26 13:39 ` Alessandro O. Ungaro
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Sylvain Bertrand @ 2005-07-26 13:29 UTC (permalink / raw)
To: lartc
On Mar 26 juillet 2005 15:02, Fabian Gervan a écrit :
> How i can classify sip traffic (voip)??
>
> I try dst 5060 udp port, but dont'work. sip sesion use dynamic port.
>
> Sniffing packets with windows net-peeker, I see that packets lenghts
> is always‡
> How i can filter, by packet lenght, with u32?
>
> Regards
> Fabian
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
You may want to use l7-filters and mark the packets with iptables.
Regards,
--
Sylvain Bertrand
Paris, FRANCE
+33 (0)6 64 43 17 69
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [LARTC] how to classify sip traffic (voip)
2005-07-26 13:02 [LARTC] how to classify sip traffic (voip) Fabian Gervan
2005-07-26 13:29 ` Sylvain Bertrand
@ 2005-07-26 13:39 ` Alessandro O. Ungaro
2005-07-27 5:14 ` Vinod Chandran
2005-07-28 1:19 ` Nathan Littlepage
3 siblings, 0 replies; 5+ messages in thread
From: Alessandro O. Ungaro @ 2005-07-26 13:39 UTC (permalink / raw)
To: lartc
Fabian,
on IP/UDP header you have the Length field, you can try to match this.
Regards,
Alessandro Ungaro
x-arnie
Fabian Gervan wrote:
> How i can classify sip traffic (voip)??
>
> I try dst 5060 udp port, but dont'work. sip sesion use dynamic port.
>
> Sniffing packets with windows net-peeker, I see that packets lenghts
> is always‡
> How i can filter, by packet lenght, with u32?
>
> Regards
> Fabian
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
>
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [LARTC] how to classify sip traffic (voip)
2005-07-26 13:02 [LARTC] how to classify sip traffic (voip) Fabian Gervan
2005-07-26 13:29 ` Sylvain Bertrand
2005-07-26 13:39 ` Alessandro O. Ungaro
@ 2005-07-27 5:14 ` Vinod Chandran
2005-07-28 1:19 ` Nathan Littlepage
3 siblings, 0 replies; 5+ messages in thread
From: Vinod Chandran @ 2005-07-27 5:14 UTC (permalink / raw)
To: lartc
> Fabian,
>
> Try adding the following Iptable rule with a filter for the mark value..
> iptables -t mangle -A PREROUTING -p udp -m lenght <length value> -j
> MARK --set-mark 1
>
> Regards,
> Vinod C
Fabian Gervan wrote:
>How i can classify sip traffic (voip)??
>
>I try dst 5060 udp port, but dont'work. sip sesion use dynamic port.
>
>Sniffing packets with windows net-peeker, I see that packets lenghts
>is always‡
>How i can filter, by packet lenght, with u32?
>
>Regards
>Fabian
>_______________________________________________
>LARTC mailing list
>LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
>
>
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [LARTC] how to classify sip traffic (voip)
2005-07-26 13:02 [LARTC] how to classify sip traffic (voip) Fabian Gervan
` (2 preceding siblings ...)
2005-07-27 5:14 ` Vinod Chandran
@ 2005-07-28 1:19 ` Nathan Littlepage
3 siblings, 0 replies; 5+ messages in thread
From: Nathan Littlepage @ 2005-07-28 1:19 UTC (permalink / raw)
To: lartc
SIP uses 5060. What is hard is to classify is the RTP streams since they
use pretty much any port. Its best to classify the SIP and RTP traffic
at the endpoints and honor the labeled packets through the network.
Fabian Gervan wrote:
> How i can classify sip traffic (voip)??
>
> I try dst 5060 udp port, but dont'work. sip sesion use dynamic port.
>
> Sniffing packets with windows net-peeker, I see that packets lenghts
> is always‡
> How i can filter, by packet lenght, with u32?
>
> Regards
> Fabian
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
>
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2005-07-28 1:19 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-07-26 13:02 [LARTC] how to classify sip traffic (voip) Fabian Gervan
2005-07-26 13:29 ` Sylvain Bertrand
2005-07-26 13:39 ` Alessandro O. Ungaro
2005-07-27 5:14 ` Vinod Chandran
2005-07-28 1:19 ` Nathan Littlepage
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.