Yes, some. Switches forward packets at layer two (mac address), and learn the location of each mac address by listening to packets. Once it has learned the switch ports associated with the mac address, the switch will _not_ forward sip or rtp traffic to other ports not associated with the sip/rtp session.
Example: one * with 100 sip phones on a corporate net with canreinvite=yes. All established phone-to-phone rtp conversations happen directly between the two sip phones. If this corporate net uses switches, you could not monitor the rtp traffic unless you had access to one of the switches in the rtp path, and set up a port mirror to watch it. Good security relies on multiple layers; the use of switches qualifies as a very simple example of one layer. UserID & passwords are another layer, while encryption is yet another, etc, etc. ------------------------ > So if I use switches does that offer any basic easedroping protection. > > -----Original Message----- > From: [EMAIL PROTECTED] <[EMAIL PROTECTED]> > To: Asterisk Developers Mailing List <[email protected]> > Sent: Sat Jan 08 15:06:21 2005 > Subject: Re: [Asterisk-Dev] VoIP Call Sniffer > > > >>The Bad News: > > >> > > >>| VoIPong is a utility which detects all Voice Over IP calls on a > > >>| pipeline, and for those which are G711 encoded, dumps actual > > >>| conversation to seperate wave files. It supports SIP, H323, Cisco's > > >>| Skinny Client Protocol, RTP and RTCP. > > > > > > > > > This actually sounds very much like an Ethereal rip-off. Which has had > > > this functionality for at least two years. > > > > > > > Has anyone on the list actually gotten it to work? > > > > I installed it at several places on my network, just to play around. > > And even it situations where I'm pretty certain Ethereal sees the calls > > just fine, nothing gets reported by this program. > > If you are using ethernet switches, it won't see the rtp traffic. > > _______________________________________________ > Asterisk-Dev mailing list > [email protected] > http://lists.digium.com/mailman/listinfo/asterisk-dev > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-dev ---------------End of Original Message----------------- _______________________________________________ Asterisk-Dev mailing list [email protected] http://lists.digium.com/mailman/listinfo/asterisk-dev To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-dev
