Things You Need To Know About AudioCodes Mediant

The VoIP Gateways in the AudioCodes Mediant 2000 16E family are industry-ready, standards-compliant media gateway systems. The Mediant 2000 is used by businesses and service providers and is designed for wireline, wireless, cable, and internet access. The Mediant 2000 series is a perfectly proportioned answer for small- to medium-sized needs, matching the density specifications for smaller locations while satisfying the scalability requirements of Network Service Providers.

Capturing data from a network is not always as easy as it sounds. There are a few things you need to keep in mind when you want to capture traffic using your AudioCodes Mediant 1000B card.

Hardware

First, you will require some sort of hardware. You could use the USB interface or the PCI bus. There are other options, like PXE booting the OS and then capturing packets using the built-in NIC, but that’s off topic for this article.

Second, you will need a software solution. Some people prefer Snort while others go with Bro (formerly known as openSnitch). Both programs have their own pros and cons as well as different features and limitations. Both are free and open source so they shouldn’t be too hard to set up.

If you have any questions about either program please don’t hesitate to ask them here. I’m certain someone else would know the answer!

Third, and lastly, make sure you have everything installed correctly on your system before you start trying to capture packets.

Setting Up The Software

The first thing you should do is install the programs on your system. If you’re new to Linux I highly recommend checking out one of our guides on how to install Debian/Ubuntu or Fedora/RHEL on your computer. It’s really quite simple if you know what you’re doing and can follow instructions step by step.

Once you’ve got everything installed you’ll need to configure the programs. These steps may seem simple but there are ways that certain settings get missed by people all the time.

After reading through the configuration section of each application you’ll need to adjust your IP address, firewall rules, etc. This is where the real fun begins. Once you’ve done that you’ll be good to go!

As long as you’ve configured everything correctly and you aren’t having issues connecting to the Internet you should be able to connect to your network and capture packets with ease.

Capturing Packets With Snort

Snort is very powerful and extremely advanced at the same time. It can monitor for multiple types of attacks as well as alert you to them when they happen. However, it comes with many caveats.

You will need to download the latest version of the source code and compile it yourself. Then you’ll need to edit the configuration file to enable packet capturing. After that you’ll need to ensure that your firewall allows incoming connections on port 9999. That’s pretty much it!

With Snort you will be alerted immediately if any of the following occurs:

A host attempts to send you malicious traffic

An attacker tries to scan your network for vulnerabilities

Your network gets attacked by a worm or virus

You see suspicious activity coming from your servers

I haven’t used Snort for several years now so I can’t speak to the current state of the program but I imagine it hasn’t changed too much since I stopped using it. If you’re interested in learning more about Snort check out our guide.

Capturing Packets With Bro

Bro is another great piece of software that I’ve never used myself because my school doesn’t allow me access to the internet outside of class. So instead I use a Linux live CD to browse the web and play games online. When I started researching packet capturing my main choice was to use Bro because it seemed like a better option than Snort.

Unfortunately, after trying it out for a bit I noticed that Bro didn’t work as well as advertised. In fact, it wasn’t even close. While it does support packet capturing, it won’t alert you to anything unless the attack actually happens. This means that if you set up your system to capture packets and nothing is happening you might miss out on a lot of action.

Another problem with Bro is that it comes with a ton of plugins and modules that you’ll likely never use. This makes it difficult to figure out which ones you need and which ones you don’t. If you decide to try it out anyway I strongly advise going into the documentation and picking out a couple of plugins that you’ll find useful.

Finally, the most annoying part about Bro is that you can’t just run it as a service without running a daemon on your server that listens to the port it needs to listen to. This means that if your computer isn’t connected to the Internet you can’t capture packets. For example, if you want to monitor traffic coming from your home network you’d have to connect to it over ethernet. This is a minor inconvenience but not exactly ideal.

For anyone who wants to learn more about Bro or uses it themselves I urge you to read over our guide on setting up and configuring Bro here.

Conclusion

Personally, I think that Snort and Bro are both great pieces of software that can help you catch various types of attacks on your network. I also think that the majority of people will find the software to be more user-friendly than the average person. Of course, this depends on how much experience you have with Linux so you might be completely fine with a beginner-friendly alternative.

Are there any alternatives you can suggest? What do you feel works best? Let us hear about it! Please share your thoughts below.