Wireshare Check for Torrentz - wireshark

I want to use wireshark to check which network users is using Port 59666 for downloads. Is it possible to use wireshark? and how would I begin to do this?

It may be possible to do this with wireshark, but it may require you to adjust your network topology to achieve this.
Firstly you need to decide where to run wireshark.
Wireshark can only tell you about network packets that it can see. To assist, wireshark can put the network card into promiscuous mode, but if the network card is connected to a switch, the switch will not send other network packets to you - so wireshark cannot report on them.
If your users are connected using wifi, then you can run wireshark on a wifi addapter and inspect all wifi network packets from all users on that wifi network. You may also install wireshark on a computer operating as the router / firewall, and inspect all the packets there.
The final option depends on your switch hardware. On managed switches it is usually possible to duplicate all network traffic to an additional port. That would allow you to connect your computer to this port, and then run wireshark on this network connection.
When you are receiving the wireshark trace, set up a filter for the ports you are interested in, and wait for your users to send packets. Inspect the packets, and you will see the source IP address. You now need to translate this IP address to a physical computer (DNS / DHCP servers may help with this).
Depending on your computer environment, tracking it down to a single computer may not identify an individual responsible. Someone could have left a torrent running in the background and someone else could have logged onto and used the machine.

Related

Why I can not read http request with wireshark?

I try to see the network trafic of my mobile device in my home wlan network.when I opened wireshark, listening on the WLAN Adapter and entered http.request.method == "GET"` to the wireshark filter.
All I can see is the requests from my laptop and not of my mobile device.
If I enter ip.addre == 10.0.0.30 i can see the protocolls BJNP, ICMP, IGMPv2 and so on.
What is the reason for this behavior?
In my opinion, if I can see a TCP IP Protocol, it should be also possible to see a HTTP request.
There are two things that need to happen in order for you to be able to sniff TCP traffic from another device.
Your device needs to receive the traffic you want to analyze, and
Your device must be configured in "promiscuous mode".
If promiscuous mode is disabled (which is the default), packets not intended for your laptop will never make it to Wireshark. They will instead be filtered out by your network adapter.
There are cases where this is not enough, for example, if you connect to a network with a layer 2 switch.
The first thing you need to ensure is that your network adapter is set to monitor or promiscuous mode, otherwise you just won't be able to see packets not meant for your NIC. Also, set your computer as an access point, and connect your phone to said access point.
If you're going to sniff HTTPS traffic don't forget to add your own certificate to the phone.

Using Twilio to make/receive calls via Cisco SPA504G IP phone

Looking to place calls using our Cisco SPA504G IP phones through Twilio. We have 4 phone lines/numbers with Twilio and we want to use them to place and receive calls on physical phones.
Edited Question:
I found an interesting post in here: https://ertw.com/blog/2013/11/05/using-an-ip-phone-with-twilio/
This where my steps in order to get the phone to ring but I could not hear voice :/
I just bought: http://www.amazon.com/Grandstream-GXP1620-Medium-Business-Device/dp/B00VUU8EZM
Connected phone to my router. I am port forwarding all traffic in the ranges from 10000-20000 to the phone. I am also port forwarding port 5060 to the phone.
Uploaded the following xml file:
<Response>
<Say>Testing</Say>
<Dial>
<Sip>
sip:line1#24.51.221.98
</Sip>
</Dial>
</Response>
that can be found at: http://antnam.com/voip.xml
I called my internet provider and now I have a static IP address so that 24.51.221.98 never changes.
I configured my twilio number (855) 804-0420 to execute a GET # http://antnam.com/voip.xml
When I call (855) 804-0420 I can hear the phone that is connected to my router (voip phone) ring!!! So good news I am able to call the phone I purchased on step 1!
Once I answer the call I am not able to listen to voice :/ . What could I be doing wrong?
In summary everything works great I am just not able to listen to anything. It is as if the call is on mute. Am I missing to open more ports?
It sounds like this may just be a NAT traversal problem; if it is please move or remove this question, as this would only be relevant if you were programming this client. There is a ton of info out there about this issue (for example here is an excellent article that comes up as the first result when I google "voip nat traversal"), but here's a quick summary:
Why NAT causes a problem for VoIP
Most VoIP protocols use a data stream on one port (e.g. 5060 in this case) to negotiate connection information that includes among other things a socket (IP address and port) to receive audio/RTP traffic; there are 2 things about this negotiation of a socket that might be unexpected:
It can be any IP address and port combination, not just one that is on the VoIP device itself. So you might have for instance a VoIP server that negotiates a socket on another host that is not part of the SIP dialog, and which might be behind a NAT
The negotation is done at the OSI Application Layer (Layer 7), so it is normally untouched by the NAT process, which operates at Layers 3 and 4
How to diagnose missing audio due to NAT
If you're able to get packet captures (ideally on both WAN and LAN ports, so you can see your VoIP device's traffic before and after NAT), you can see the problem in action: just look for the packets containing SDP payloads (e.g. if you're doing SIP on UDP 5060, just filter for that port and you will see INVITE requests and 200 OK responses that contain SDP payloads); drill down to the c (Connection Information) and m (Media Description) lines, which should look something like the following:
c=IN IP4 192.168.1.114
m=audio 6094 RTP/AVP 0 8 101
If you're seeing something like this going out your WAN port, it means your VoIP device is requesting to be sent audio on 192.168.1.114:6094; the IP address is a private address and cannot be routed over the internet; the port is just one I picked randomly, but the one you see needs to be open and forwarded to your device
How to fix it
There are various solutions to this problem, which all come down to rewriting the private IP address that your device is giving out into the public one that your device's traffic is being NAT'd out on, so that when the remote device parses the Connection Information line in the SDP, it has a valid, publicly routable IP address to send the audio traffic to, and a UDP port that is NAT'd to your device. Sometimes the VoIP device itself can handle the rewriting (e.g. you can either statically tell the device in its configuration what its public IP is, or it can discover it from a protocol like STUN), sometimes the rewriting is done by the firewall/router that is doing the NAT (there are various names for this, like SIP ALG or SIP Fixup).
Unfortunately due to the variations in NAT implementations across various routers and firewalls, no solution can be guaranteed to work 100% of the time; and if you have multiple devices behind the same firewall, having it do the rewriting will only work for one of them.
In your case:
You mention 2 different VoIP devices, a Cisco SPA504G, and a Grandstream GXP1620. The datasheets for both devices say they support STUN, so I'd start looking in its config for the STUN settings or anything else that references NAT traversal. Also, make sure that the ports you are forwarding to the device are the ones that it uses, this is usually just another item in the config, called something like "RTP base port" or "RTP range"
I would also ensure that you nat transveral enabled with stun using a public stun server such as stun.sipgate.net
Note: STUN operates on TCP and UDP port 3478.
This is required as the phone needs to send the external ip in the sip packets. Without stun it will send the internal ip and the far end sip device will attempt to send the data there.

UDP Packets IOS 9 LTE Network GCDASYNCUDP

I have a basestation (beaglebone running linux) at my home which is connected to multiple cameras. I connect my iPhone iOS9 to the basestation via TCP and the basestation will stream the video of each camera to a specific UDP port. All is well.
I want to be able to see the cameras when I am not connected to the local network. When my phone is connected to LTE, I have the iPhone connecting to the public address of my router via TCP and with port forwarding, all data is forwarded to the basestation. I am connecting and talking just like it was on the local network with the TCP client. All is well.
The problem is when the video is streamed via UDP on a specific port, no different than when on the local network, the basestation has no problem sending the packets, but the iPhone is not receiving anything. I am using GCDASYNCUDPSOCKET and my cellular carrier is Verizon.
I am wondering if this issue is due to Verizon blocking UDP packets? Or possibly there needs to be something else done other than just binding the iPhone UDP socket to a specific port and calling the beginreceiving function. I feel if it works on the local network, it should work on the cellular network.
I have also tried to ping the address of my cellphone from my computer which does not work. I am guessing the reason is because the iPhone has blocked this. It should be no different than pinging the address of google or anything else.
Please give me some insight on the possible issues or work arounds. I don't think I need to port forward the UDP since it is only outgoing and my Netgear router does not limit any outbound traffic (from the router to the iPhone). I was doing all this TCP before trying to send the video via UDP. It is much slower waiting to receive acks for 5 cameras streaming live video. And when it doesn't receive a packet it backs up the buffer and causes more issues. Also I had an issue with the TCP packets combining together so then I had to implement some kind of custom ack which made the delay worse, or add an end of message, but then it slows down on parsing and since I don't know exactly what data is coming it made things more difficult.
UDP is the way to go, just cannot receive the packets at this time. My understanding is a lot of games use UDP and they work on LTE network, so I'm not quite sure what the problem is. Is there special UDP ports that only work with Verizon?

Best way to find is my custom ethernet device is online and what IP it has got for iOS?

Ideas:
1. Pinging all my subnet ( using simple ping etc )
2. Sending GET to all IP in my subnet? ( may be too slow) waiting for 200 or 404 reply.
Thanx
Can you program your ethernet device to respond to Bonjour (mDNS) requests? That's the preferred discovery mechanism in the OSX/iOS ecosystem. avahi is an open-source mDNS daemon you might be able to run if your device runs a UNIX-like OS. You might also be able to find or write an embeddable mDNS server that you could integrate into your server if you're not running an OS as such.
Otherwise, I'd probably go with a custom broadcast UDP packet that the device will respond to. (which is basically what Bonjour/mDNS does, but less general) To send a broadcast UDP packet, open a UDP (datagram) socket and send a packet to the local subnet's broadcast IP. Make the packet contents suitably unique, and get your device to respond, e.g. using an HMAC, to avoid picking up any other devices or daemons which coincidentally answer on the same port.
This is a pure IP networking question. What you want to do is to send a TCP/IP broadcast message to the network and have you custom device respond to it. See TCP/IP Guide for some basic details.

Can I monitor traffic on my Incoming Dialup connection using Wireshark?

I am trying to create a RAS server in XP Pro. The idea is to log in to this server via a dialup connection. I have set up a new network connection via the New Connect Wizard in XP - according to this tutorial on techrepublic.
I am sure that the modem and the connection is working, I have tested it.
However, I want to monitor incoming network traffic on this connection. So I thought I would use Wireshark. The problem is that Wireshark does not list this incoming connection on the front page. It lists all my other network connections, ( e.g. my ethernet connection ) but not this one.
Whats the best way to monitor traffic on this connection?
Wireshark should be able to capture the traffic on your connection. I would check the protocol you're using for communication and make sure that Wireshark is monitoring those protocols. Also, I would make sure that Wireshark is actually capturing traffic on your dial up device. It sounds like it's currently monitoring your NIC card, not your modem.
I recently found Microsoft Network Monitor and it has ability to sniff on dialup adapter with Vista or Win7 as OS. Works great!
According to this Wireshark wiki page, you must use Winpcp 3.1 to be able to capture traffic on dial up modems.

Resources