Promiscuous monitoring to sniff VoIP calls
Posted: Fri Jun 10, 2016 2:00 am
Yes the title sounds dodgy but let me explain.
My company currently has a hosted VoIP solution to which we record calls to and from our call centre. To record, a server hangs off a monitoring port on the local switch where all call centre phones are patched into mirroring ports. This means the server can see the VoIP packets to record them. Because the VoIP solution is hosted, we don't have the option to mirror the PBX server. Who knows where it is. Somewhere in that cloud.
Now I have been requested to configure call recording for two phones in a remote branch. My first thought was to use a switch with remote port mirroring. But I have found that most switches only support remote mirroring via a VLAN. Because the remote site is across a managed MPLS WAN, the VLAN cannot traverse.
This got me experimenting with OpenVPN to tunnel the traffic across our WAN before I stumbled across SoftEther. To the developers, well done on a fantastic VPN suite. It has so many great features.
I have read through the doco and experimented with the interface. I can see that SoftEther can do bridging and monitoring which is excellent. It sounds like it will do exactly what I need. Unfortunately, I cannot get it working.
In my test lab here is what I have done:
1) Set up a Linux VM to ping to the web to simulate a packet not destined to our network. I have configured this Hyper-V VM to be a source for 'mirroring mode'. This Hyper-V mirroring feature simulates mirroring mode on a physical switch.
2) Set up a SoftEther Server on a Windows VM. This VM is the destination for Hyper-V mirroring mode. If I run Wireshark, I can see the outbound packets fine. This simulates a potential VM for the remote site to capture packets and send them over the WAN via a VPN tunnel.
3) Created a new Virtual Hub and a new Bridge to the vNIC that can see the outbound packets.
4) Modified the server configuration file (vpn_server.config) to enable 'MonitorMode' as true for the new bridge.
5) Created a single user with a password and a Security Policy to 'Allow Monitoring Mode'.
6) Created a Windows VM, installed the SoftEther client, and created a new Virtual Network Adapter and VPN Connection. I edited the connection to use 'Monitoring Mode' in 'Advanced Settings'.
7) Connected and attempted to capture the outbound packets via Wireshark on the VPN client VM to no avail.
Is there anything else I need to configure?
Is there any way to troubleshoot where the packets are being dropped? I.e. on the server or client?
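An added example, not part of the original post and not SoftEther's own code: a small check that lists every local bridge in a vpn_server.config and whether 'MonitorMode' is set on it, useful for confirming that the hand edit in step 4 landed on the intended bridge. It assumes the file uses nested `declare` blocks with `type key value` lines; the sample text, device names and hub names are constructed.

```python
# Constructed sample; the nested "declare" layout is an assumption about vpn_server.config.
SAMPLE_CONFIG = """\
declare root
{
    declare LocalBridgeList
    {
        declare LocalBridge0
        {
            string DeviceName LabMirrorNIC
            string HubName MIRROR
            bool MonitorMode true
        }
        declare LocalBridge1
        {
            string DeviceName LabLanNIC
            string HubName OFFICE
            bool MonitorMode false
        }
    }
}
"""

def parse_declare_blocks(text):
    """Parse nested 'declare NAME { type key value }' blocks into dicts."""
    root, stack, pending = {}, [], None
    current = root
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("declare "):
            pending = line.split(None, 1)[1]   # name of the block that opens next
        elif line == "{":
            stack.append(current)
            current = current.setdefault(pending, {})
        elif line == "}":
            current = stack.pop() if stack else root
        else:
            parts = line.split(None, 2)        # type, key, optional value
            if len(parts) >= 2:
                current[parts[1]] = parts[2] if len(parts) == 3 else ""
    return root

def monitor_bridges(config_text):
    """Return (bridge, device, hub, monitor_mode) for every local bridge."""
    bridges = parse_declare_blocks(config_text).get("root", {}).get("LocalBridgeList", {})
    return [(name, b.get("DeviceName"), b.get("HubName"), b.get("MonitorMode") == "true")
            for name, b in bridges.items() if isinstance(b, dict)]
```

Run `monitor_bridges(open(path).read())` against a copy of the real file; a bridge that reports `False` for the mirror-facing NIC means the edit did not persist.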