Abstract: For Voice over Internet Protocol (VoIP) sessions based on the Session Initiation Protocol (SIP), this paper analyzes captured network data packets and proposes a method for VoIP behavior analysis and content recovery under bypass monitoring. The method handles a variety of complex situations, effectively filters out network data packets unrelated to VoIP communications, and correctly recovers and records the behaviors and contents of VoIP communications. A VoIP behavior analysis and content recovery system based on this method is implemented in SNORT and has been applied successfully in practical projects.
Key words: Voice over Internet Protocol (VoIP) technology, Session Initiation Protocol (SIP), Session Description Protocol (SDP), network intrusion detection software, bypass monitoring, behavior analysis, content recovery
CLC number:
ZHAO Han-Song, WU Cheng-Rong, WANG Guo-Ping. VoIP Behavior Analysis and Content Recovery Under Bypass Monitoring[J]. Computer Engineering, 2012, 38(06): 145-147.