I am new to Stack Exchange. What I am trying is this: I am pumping traffic from server 1 with the following command: tcpreplay -i ens3 ~/daniel/sipdump.pcap
And I am capturing the traffic on server 2 with tcpdump -i ens3 -nn. I want to block all SIP traffic, which uses 5060 by default as source or destination.
But the IP in the pcap is not the destination IP: my server 2 IP is different (192.168.101.5). As I am pumping a pcap, the IPs are different (source and destination).
[root@serevr1]# tshark -r outbound_incoming1.pcap
1 0 172.16.130.119 -> 172.16.130.119 SIP/SDP 561 Request: INVITE sip:sandeep@com:5060 |
2 0 172.16.130.119 -> 172.16.130.119 SIP 358 Status: 100 OK |
3 0 172.16.130.119 -> 172.16.130.119 SIP 358 Status: 183 OK |
4 0 172.16.130.119 -> 172.16.130.119 SIP 439 Request: PRACK sip:sandeep@com:5060 |
5 0 172.16.130.119 -> 172.16.130.119 SIP 364 Status: 200 OK |
6 0 172.16.130.119 -> 172.16.130.119 SIP 364 Status: 180 OK |
7 3 172.16.130.119 -> 172.16.130.119 SIP/SDP 529 Status: 200 OK |
8 3 172.16.130.119 -> 172.16.130.119 SIP 398 Request: ACK sip:sandeep@com:5060 |
9 6 172.16.130.119 -> 172.16.130.119 SIP 385 Request: BYE sip:kapil@com:5060 |
10 6 172.16.130.119 -> 172.16.130.119 SIP 346 Status: 200 OK |
I want to drop/accept the SIP traffic, which is UDP packets, in iptables, which I am not able to do.
Please help me do so.
Changing the MAC won't help, as we are doing port mirroring and dumping the packets on the mirrored port, where I am sniffing/filtering all SIP packets. – Debiprasanna Mohanty – 2019-01-31T05:02:05.717
HOST A--------->SWITCH-------->HOST B – Debiprasanna Mohanty – 2019-01-31T05:13:26.383
SWITCH-->Mirrored Port-->Sniffing application – Debiprasanna Mohanty – 2019-01-31T05:15:00.787