1 00:00:00,270 --> 00:00:05,460 Now to connect to GNS3 I need to connect the switch to this cloud.
2 00:00:05,850 --> 00:00:10,130 It's basically bridging the GNS3 network to my physical network.
3 00:00:10,830 --> 00:00:16,710 So I've created a connection between the virtual and the physical network that'll allow this phone to
4 00:00:16,710 --> 00:00:17,290 register.
5 00:00:17,520 --> 00:00:22,050 Now, it may take a while to register, but once it's registered, I should be able to make calls from
6 00:00:22,050 --> 00:00:26,610 the physical phone to the virtual phones in my GNS3 topology.
7 00:00:27,620 --> 00:00:36,710 Here's the GNS3 router, so show ephone. At the moment, it says that the third phone has registered.
8 00:00:37,370 --> 00:00:38,660 It's a 7970.
9 00:00:39,560 --> 00:00:42,730 It's got this IP address, it's got this telephone number.
10 00:00:43,130 --> 00:00:49,850 So I should, in theory, be able to make calls from my physical phone to these virtual phones.
11 00:00:50,920 --> 00:00:54,910 So let's try that together, so hopefully you can see that I'm going to go for.
12 00:00:56,790 --> 00:00:59,490 I can hear the phone dial tone.
13 00:01:01,010 --> 00:01:08,160 I'll dial 1001. Notice over there, you can see the phone is ringing.
14 00:01:08,180 --> 00:01:12,230 So I've got a call from a physical phone to a virtual phone.
15 00:01:17,750 --> 00:01:19,730 Well, go talk here.
16 00:01:21,110 --> 00:01:27,830 So there's a bit of delay, but again, you don't typically talk to yourself
17 00:01:29,300 --> 00:01:31,160 and have phones that are so close to each other.
18 00:01:33,980 --> 00:01:43,490 This is a call from a physical phone to a virtual phone.
19 00:01:46,330 --> 00:01:52,510 OK, but what we actually want to do is, is use Wireshark to capture that, so I'm gonna capture traffic
20 00:01:52,510 --> 00:01:56,650 between the physical network and the virtual GNS3 network.
21 00:01:59,210 --> 00:02:05,510 So Wireshark is capturing. There's a lot of traffic on this network, so I'll keep it fairly short
22 00:02:08,500 --> 00:02:10,270 and make the call again.
23 00:02:10,639 --> 00:02:11,540 So dial tone.
24 00:02:16,140 --> 00:02:20,190 You hear the phone ringing, I'll answer the phone.
25 00:02:23,130 --> 00:02:28,830 This is a call from a physical phone to a virtual phone testing
26 00:02:29,220 --> 00:02:30,300 1 2 3.
27 00:02:30,690 --> 00:02:33,840 My name is David Bombal and I'm talking to myself.
28 00:02:34,320 --> 00:02:35,490 It's not strange at all.
29 00:02:36,150 --> 00:02:37,870 Bye
30 00:02:39,290 --> 00:02:41,240 OK, call has ended.
31 00:02:42,870 --> 00:02:43,560 I'll stop that
32 00:02:43,560 --> 00:02:44,670 capture in Wireshark.
33 00:02:44,970 --> 00:02:46,560 Now you can filter in Wireshark.
34 00:02:47,490 --> 00:02:51,930 You can see there's a lot of other traffic here, like Dropbox synching, stuff like that happening,
35 00:02:52,470 --> 00:02:57,090 but what we actually want to look for is some UDP traffic that looks like this.
36 00:02:58,670 --> 00:03:02,990 Traffic going from 10.1.1.120 to 10.1.1.1.
37 00:03:03,620 --> 00:03:09,080 Now you might ask, how do you know that? If you go to Telephony, VoIP Calls, you can see information
38 00:03:09,080 --> 00:03:10,150 about calls here.
39 00:03:10,670 --> 00:03:15,980 So as an example, you can see the call information from this IP address and the phone numbers.
40 00:03:18,690 --> 00:03:22,020 So let's decode that as RTP
41 00:03:25,440 --> 00:03:33,570 and click OK. Again, you can see G.711 ulaw, so that's the default protocol used by these
42 00:03:33,570 --> 00:03:34,140 phones.
43 00:03:34,530 --> 00:03:40,320 Go to Telephony, RTP, RTP Streams, there are the two streams.
44 00:03:40,890 --> 00:03:42,210 I'll analyze that.
45 00:03:44,340 --> 00:03:45,510 Click Play Streams.
46 00:03:46,520 --> 00:03:48,740 Here are the streams.
47 00:03:50,300 --> 00:03:56,240 This is a call from a physical phone to a virtual phone testing
48 00:03:56,390 --> 00:03:57,230 1 2 3.
49 00:03:57,860 --> 00:04:00,850 My name is David Bombal and I'm talking to myself.
50 00:04:00,940 --> 00:04:02,750 So it's not strange at all.
51 00:04:03,290 --> 00:04:03,800 Bye
52 00:04:04,580 --> 00:04:06,670 So, again, I'm looking at both streams there.
53 00:04:07,760 --> 00:04:12,920 If I go to Telephony, RTP, RTP Streams, I'll select
54 00:04:14,350 --> 00:04:21,070 the source phone, which is 10.1.1.120, and click Analyze, click Play Streams.
55 00:04:21,399 --> 00:04:24,550 Now we only get the one stream rather than the
56 00:04:25,030 --> 00:04:29,430 this is a call, the reply from a physical phone to a virtual phone.
57 00:04:31,690 --> 00:04:35,800 So yeah, you only get the original part of the audio rather than the duplication.
58 00:04:37,870 --> 00:04:43,690 This is a call from a physical phone to a virtual phone testing
59 00:04:43,960 --> 00:04:44,920 1 2 3.
60 00:04:45,490 --> 00:04:48,610 My name is David Bombal and I'm talking to myself.
61 00:04:49,090 --> 00:04:50,140 It's not strange at all.
62 00:04:51,340 --> 00:05:01,540 OK, so that is an example of using Wireshark to capture voice calls and replay them between a physical
63 00:05:01,540 --> 00:05:02,440 and a virtual phone.
64 00:05:02,950 --> 00:05:08,220 What I'll do is save this file, and I've saved the other one as well.
65 00:05:11,130 --> 00:05:17,310 So that you can do this yourself.
66 00:05:19,180 --> 00:05:21,640 So I'm gonna say audio physical.
67 00:05:24,560 --> 00:05:28,190 Virtual ethical hack.
68 00:05:30,760 --> 00:05:32,170 I'll stop this capture here.
69 00:05:33,710 --> 00:05:40,940 So, again, what I've done is build a topology in GNS3 with some switches, a router which is acting
70 00:05:40,940 --> 00:05:46,490 as a call manager or a Cisco Unified Communications Manager Express router, in other words, allowing IP
71 00:05:46,490 --> 00:05:47,500 phones to call each other.
72 00:05:48,020 --> 00:05:55,410 And I've set up calls between virtual phones and set up calls between a virtual and physical phone.
73 00:05:55,820 --> 00:06:01,920 I mean, just as a last step, I could call that physical phone from this virtual phone.
74 00:06:02,480 --> 00:06:08,690 So here's my physical phone and I'll press three here, I'll cause myself deaf with my ringtone
75 00:06:08,690 --> 00:06:11,150 but as you can see, it's ringing off the hook, testing.
76 00:06:14,090 --> 00:06:17,720 This is a call from a virtual to physical phone,
77 00:06:20,090 --> 00:06:20,780 and there you go.
78 00:06:24,230 --> 00:06:26,110 So hopefully you enjoyed this video.
79 00:06:26,660 --> 00:06:31,640 Let me know what other types of captures you'd like to see. In my Wireshark course, I do many
80 00:06:32,090 --> 00:06:35,360 and I want to teach you how to capture traffic, how to analyze it.
81 00:06:35,720 --> 00:06:37,970 Do you understand how ARP works?
82 00:06:38,450 --> 00:06:40,460 Do you understand how spanning tree works?
83 00:06:40,910 --> 00:06:45,020 Can you use Wireshark to analyze what's going on in the network?
84 00:06:45,320 --> 00:06:47,420 Can you use Wireshark to look for problems?