5.2. Network - Algorithm mappings: voipongnets

Sniffing out voice is a tough task. You cannot design an algorithm and expect to catch all the VoIP calls. VoIP is relatively new and it is not a highly standardized technology. So there have to be several call catching algorithms for various setups. VoIPong provides a framework where you can set the call catching algorithm which you think will best suit your VoIP infrastructure. This results in a much more specialized and successful call sniffing.

5.2.1. Least False Positive (LFP) algorithm

This algorithm tries to detect calls generated via VoIP devices conforming to RTP and RTCP RFCs. This algorithm should detect and record a broad range of calls. The most obvious advantage of this algorithm is that you'll have barely no false positives. This is why this method is named as LFP. The #1 disadvantage will be that this will not be able to catch calls if there are no RTCP packets or the devices do not conform to RFCs. To use this algorithm, you will need to specify a network to use with it in your voipongnets file.

172.16.1.0/255.255.255.0   lfp
10.30.0.0/255.255.252.0    lfp
       


5.2.2. Fixed (Fixed Port) algorithm

Some VoIP devices (e.g. Grandstream™ IP adapters) use a fixed port to send and receive RTP datagrams, and they do not conform to RFCs, and do not send any link control information (RTCP packets). If you have such devices in your network, you can specify their algorithm as fixed in the voipongnets file. This algorithm cannot be used with networks, it can only be used with hosts, so netmask address should always be 255.255.255.255. Please note that, after the fixed keyword, you are expected to set the fixed port number the device is using. For example, suppose that you have a device which uses port 40000 to send RTP packets, you should add this line to your voipongnets file:

172.16.1.101/255.255.255.255   fixed   40000
       


5.2.3. LRA-SIP Algorithm

LRA-SIP will follow SIP signalling packets, and will spot the RTP/RTCP session from the SDP packets. This algorithm is not implemented yet, however I will be working on it for the next release (probably 2.1.?)