Added a readme and commands used

wintermanc3r · Mar 3, 2017 · e2ad9d1 · e2ad9d1
1 parent 5b1bd6c
commit e2ad9d1
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 1 deletion.
diff --git a/sip_investigation/README.md b/sip_investigation/README.md
@@ -0,0 +1,12 @@
+# Focus on the SIP protocol for VoIP
+## Info about packets
+* [Brekeke uses default user 100](http://wiki.brekeke.com/wiki/Brekeke-SIP-Server-v3-Quickstart)
+* [Brekeke Administrator Manual](http://www.brekeke.com/doc/sip/sip_admin_v3.pdf)
+* [Brekeke Wiki](http://wiki.brekeke.com/wiki/)
+
+## Malware
+* [SIPViscious](http://blog.sipvicious.org/)
+* [SIPviscious Source on Github](https://github.com/EnableSecurity/sipvicious)
+
+## Unrelated
+* [TFTP malware](https://github.com/EnableSecurity/tftptheft)
diff --git a/sip_investigation/info_about_sip.sh b/sip_investigation/info_about_sip.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+# prints out information about the sip packets.
+if [[ ! "$#" -eq 1 ]]; then
+	echo "Usage: ./info_about_sip.sh <file.pcap>"
+else
+	tshark -r $1 -n -e frame.number -e ip.src -e ip.dst -e udp.dstport -e sip.r-uri -T fields "sip" -P
+fi
diff --git a/sip_investigation/sipfilter.sh b/sip_investigation/sipfilter.sh
@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-
+# dumps sip packets to a file
 list=$(cat SIP_requests.txt | cut -f1)
 
 for i in $list;