Mastering UCSniff
In this recipe, we will examine UCSniff. UCSniff is a VoIP and IP security assessment tool. It is useful to security auditors because of its ability to quickly test for unauthorized eavesdropping of both VoIP phone and IP video calls.
UCSniff has two modes of operation:
Monitor mode: This mode runs a basic VoIP sniffer. Monitor mode is considered the safest mode of running UCSniff. However it's not very useful for penetration testing, in terms of risk assessment, because most VoIP networks will not have the settings in place to make the program useful.
Man-in-the-middle (MITM) mode: In this mode, UCSniff is ARP Poisoning the network. This is an actual attacking mode, and is the mode we will use during our demonstration. The MITM mode has a further two submodes:
Target mode: This mode enables the eavesdropping feature of UCSniff
Learning mode: This mode uses Ettercap and captures all traffic on the specified target
Getting ready
The following requirements need to be fulfilled...