Capturing Ooma traffic for IP Address

asked 2023-02-01 20:22:40 +0000

MBofMB

I've assembled a network tap between my Ooma (VOIP) device and router. I'm not sure how to set up Wireshark to capture the data. I'm a rookie.

Any advice/help would be greatly appreciated.

The point of all this is to record the IP addresses of a couple of scammers in Europe and forward it to some authorities that could reduce their footprint!

Thank you for your time and efforts.

* Wireshark won't allow a pic of the tap until I've acquired 60 points *

Comments

"assembled a network tap"

Does this mean a "DIY network tap" like the ones on the "Capture using a network tap" wiki page?
Or is it a piece of commercial gear?

Chuckc ( 2023-02-02 01:20:00 +0000 )

Not sure what you need here.

Start by checking How To Set Up a Capture to see if this answers your question.

When you are capturing traffic with Wireshark, you have two main options:

  1. Capture everything then use Display Filters to find the packets/protocols you are interested in.

  2. Capture only what you need using Capture Filters so that you only save specific packets/protocols.

If you know what you want, then option 2 makes smaller PCAP files, but if you don't, then capture everything.

Spooky ( 2023-02-02 01:27:36 +0000 )
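An added example, not part of the thread: option 1 above (capture everything, then narrow down afterwards) done offline by tallying which remote hosts exchanged UDP packets with the VoIP adapter in a saved classic pcap file. The adapter address, remote addresses, ports and sample packets are constructed assumptions; the remote hosts listed are simply whatever the adapter talked to.

```python
import socket, struct
from collections import Counter

LOCAL = "192.168.1.50"  # assumed LAN address of the VoIP adapter (constructed)

def udp_frame(src, dst, sport, dport, size):
    """Constructed Ethernet + IPv4 + UDP frame carrying `size` zero bytes."""
    udp = struct.pack("!HHHH", sport, dport, 8 + size, 0) + bytes(size)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return bytes(12) + b"\x08\x00" + ip + udp

def pcap_bytes(frames):
    """Wrap frames in a little-endian classic pcap file (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

SAMPLE = pcap_bytes([  # constructed capture using documentation address ranges
    udp_frame(LOCAL, "203.0.113.10", 5060, 5060, 300),
    udp_frame(LOCAL, "198.51.100.7", 16384, 20000, 160),
    udp_frame("198.51.100.7", LOCAL, 20000, 16384, 160),
    udp_frame("198.51.100.7", LOCAL, 20000, 16384, 160),
    udp_frame("192.168.1.1", "192.168.1.255", 138, 138, 50),  # unrelated LAN noise
])

def remote_endpoints(pcap, local_ip):
    """Count packets per (remote IP, remote UDP port) exchanged with local_ip."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    tally, off = Counter(), 24          # 24-byte global header precedes the records
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]  # captured length
        pkt = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue                    # skip non-IPv4 or truncated frames
        ihl = (pkt[14] & 0x0F) * 4      # IPv4 header length in bytes
        if pkt[23] != 17 or len(pkt) < 14 + ihl + 8:
            continue                    # this example tallies UDP only
        src, dst = socket.inet_ntoa(pkt[26:30]), socket.inet_ntoa(pkt[30:34])
        sport, dport = struct.unpack_from("!HH", pkt, 14 + ihl)
        if src == local_ip:
            tally[(dst, dport)] += 1
        elif dst == local_ip:
            tally[(src, sport)] += 1
    return tally
if __name__ == "__main__":
    print(remote_endpoints(SAMPLE, LOCAL).most_common())
```

The parser reads only the classic pcap format, so a pcapng capture would need to be saved in that format first.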

I assembled a DIY system using 2 Northern Telecom RJ45 dual plate wall units. They are toned out correctly. It's the Wireshark settings etc. I was asking about.

MBofMB ( 2023-02-02 01:28:03 +0000 )

Spooky, thanks for some suggestions. I don't know what to filter since I don't know what to expect in the stream. How do you identify the packets that would have the required IP addresses that are valid?

MBofMB ( 2023-02-02 01:32:09 +0000 )

Chuckc, I assembled a Passive Ethernet Tap such as in Figure 2 in: http://www.winsnort.com/tutorials/art...

MBofMB ( 2023-02-02 01:44:05 +0000 )