旁路监听下VoIP行为分析与内容还原

VoIP Behavior Analysis and Content Recovery Under Bypass Monitoring

针对以会话启动协议(SIP)为基础的VoIP会话,通过对捕捉到的数据包进行分析,提出一种旁路监听时VoIP行为分析与内容还原的方法。该方法能够有效过滤与VoIP通信无关的数据包,正确还原并记录VoIP的通信行为与通信内容。利用该方法在SNORT中实现VoIP行为分析与内容还原系统,已成功应用于实际项目中。

Through analysis of the network data packets about Session Initiation Protocol（SIP）-based Voice over Internet Protocol（VoIP） in the case of bypass monitoring, a method is proposed to recover the VoIP information on bypass monitoring. This method can deal with all kinds of complex situation, filter out the network data packets which have nothing to do with VolP communications effectively and recover the behaviors and contents of VolP communications correctly. This method implements a VolP behavior analysis and content recovery system based on SNORT that is applied to practical projects.