ntop / nDPI

Open Source Deep Packet Inspection Software Toolkit
http://www.ntop.org
GNU Lesser General Public License v3.0

Support for 3CX VOIP calls #1766

Closed sharonenoch closed 1 year ago

sharonenoch commented 2 years ago

3CX (https://www.3cx.com/) is a VOIP system which can be set up in a local office environment with a 3CX server and a 3CX client.

Attached are pcaps for 3CX chat, audio call and video call. The audio and video traffic has STUN packets, and UDP packets decoded as RTP. But I was not able to find a specific pattern. Appreciate if you could look at the same. The chat capture is just TLS 1.2 and TCP packets.

Below is a Wireshark filter to check the pcap. 10.60.1.148 is the 3CX server which was set up and 10.70.99.11 is the client.

(ip.dst == 10.70.99.11 && ip.src == 10.60.1.148) || (ip.dst == 10.60.1.148 && ip.src == 10.70.99.11)

3cxaudio.zip 3cxchat.zip 3cxvideo.zip

utoni commented 1 year ago

After taking a first look at the pcaps, I fear that not all flows related to 3cx can be classified reliably.

sharonenoch commented 1 year ago

Thank you @utoni for taking a look.

Yes, we also could not figure out a pattern from it, that's why I posted it here also, to get more input in case we were missing something. Since unlike other VOIP with STUN detection, there was no custom STUN attribute for 3CX, nor was there any flow pattern from the RTP packets.

We can close this request for now and re-open it later when 3CX has a better flow.
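
The kind of check the comment above refers to, as an added example that is not part of the original thread or of nDPI's code: walk the attributes of a STUN message and report any type outside the registered set, which is what a vendor-specific signature would key on. The function names are hypothetical, the registered-type list is partial, and all sample packets (including attribute type 0xC057) are constructed, not taken from the attached pcaps.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Partial list of IANA-registered STUN/TURN/ICE attribute types. */
static int is_registered(uint16_t t) {
  static const uint16_t known[] = {
    0x0001, 0x0006, 0x0008, 0x0009, 0x000A, 0x000C, 0x000D, 0x0012, 0x0013,
    0x0014, 0x0015, 0x0016, 0x0019, 0x0020, 0x0024, 0x0025,
    0x8022, 0x8023, 0x8028, 0x8029, 0x802A };
  for (size_t i = 0; i < sizeof(known) / sizeof(known[0]); i++)
    if (known[i] == t) return 1;
  return 0;
}

/* Stores up to max unregistered attribute types in out and returns how many
 * were stored, or -1 if the payload is not a well-formed STUN message. */
int stun_unregistered_attrs(const uint8_t *p, size_t len, uint16_t *out, int max) {
  if (len < 20 || (p[0] & 0xC0) != 0) return -1;       /* RTP v2 has 0x80 set */
  if (p[4] != 0x21 || p[5] != 0x12 || p[6] != 0xA4 || p[7] != 0x42) return -1;
  size_t end = 20 + (size_t)be16(p + 2);               /* header + attributes */
  if ((end & 3) != 0 || end > len) return -1;
  int n = 0;
  for (size_t off = 20; off + 4 <= end; ) {
    uint16_t type = be16(p + off);
    size_t padded = ((size_t)be16(p + off + 2) + 3) & ~(size_t)3;
    off += 4;
    if (padded > end - off) return -1;                 /* truncated attribute */
    if (!is_registered(type) && n < max) out[n++] = type;
    off += padded;
  }
  return n;
}

/* Constructed samples: SOFTWARE plus a made-up vendor attribute 0xC057,
 * SOFTWARE only, and an RTP-like payload. */
static const uint8_t pkt_vendor[] = {
  0x00,0x01, 0x00,0x10, 0x21,0x12,0xA4,0x42, 1,2,3,4,5,6,7,8,9,10,11,12,
  0x80,0x22, 0x00,0x04, 't','e','s','t', 0xC0,0x57, 0x00,0x02, 0xAB,0xCD, 0,0 };
static const uint8_t pkt_plain[] = {
  0x00,0x01, 0x00,0x08, 0x21,0x12,0xA4,0x42, 1,2,3,4,5,6,7,8,9,10,11,12,
  0x80,0x22, 0x00,0x04, 't','e','s','t' };
static const uint8_t pkt_rtp[20] = { 0x80, 0x00 };

int main(void) {
  uint16_t out[4];
  printf("vendor=%d\n", stun_unregistered_attrs(pkt_vendor, sizeof pkt_vendor, out, 4));
  printf("plain=%d\n", stun_unregistered_attrs(pkt_plain, sizeof pkt_plain, out, 4));
  return 0;
}
```

A result of 0 on every STUN message of a flow is the situation described in the thread: nothing in the attributes distinguishes the application.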

IvanNardi commented 1 year ago

> After taking a first look at the pcaps, I fear that not all flows related to 3cx can be classified reliably.

I agree