Wednesday, November 26, 2008

UCSniff VoIP Sniffer

UCSniff is a VoIP Sniffer / Assessment / Pentest tool with some useful new features. UCSniff is a Proof of Concept tool to demonstrate the risk of unauthorized VoIP eavesdropping - it can help you understand who can eavesdrop, and from what parts of your network. It is intended for next generation enterprise VoIP Infrastructures that rely on Voice VLANs to segment UC applications for QoS requirements. UCSniff was born from pentesting and the "VoIP Hopper" tool as an idea to combine automated Voice VLAN Discovery and VLAN Hop with MitM, along with targeted VoIP attacks against users in the VoIP Corporate Directory. Eavesdropping is one of many potential VoIP-specific attacks that can take place, and UCSniff can be used by other researchers and security professionals as a base tool to explore this idea. UCSniff is a text-only application, written in C, that runs in the Linux OS environment. It is freely available under the GPLv3 license for anyone to download and use.

Feature List

* VoIP Sniffer
* Automated Voice VLAN Discovery (CDP)
* VLAN Hop Support
* Sniffing across Ethernet Switches
* Automatic creation of forward and reverse RTP media streams into a single file
* Automatic recording and saving of conversations using G.711 u-law codec
* Automatic recording and saving of conversations using G.722 codec
* MitM ARP Poisoning and host management support
* Monitor Mode (Span Session, Hub)
* Tracking and tracing of users, with logging
* Support for Cisco SIP, Cisco Skinny, RFC 3261 SIP
* Target Mode (Target User, Target Conversation)
* Corporate Directory Tool and functions (ACE)
* ARP Saver Tool to restore network in emergencies
* Detects if Gratuitous ARP is disabled on IP Phone
* Only requires 1 phone (not both) in source VLAN in order to capture entire conversation


Download and More Info

No comments: