Companion downloads · The VoIP Engineer's Library
Vol II

Securing VoIP at Every Layer

Free companion resources for Volume II — annotated pcap library (signaling, attacks, defenses, case files, decrypt-demo), security-tuned Wireshark profile, two-page filter cheat sheet, and the capture-analysis workbook. No account required.

  • Pcap library

    Vol II

    Every annotated .pcap file referenced in the book — 32 captures across five categories: signaling (SIP/SDP analysis), attacks (12 attack-trace captures including IRSF, SIPVicious, ARP spoof, VLAN-hopping, AMI exposure, RTP eavesdropping, DTMF extraction), defenses (TLS/DTLS-SRTP, mTLS trunks, SBC topology hiding, SDES vs TLS-wrapped key delivery), case files (six worked Ch 4.2 incidents — toll fraud, registration hijack, RTP eavesdrop, SIP DDoS, supply-chain, voicemail exfil), and a decrypt-demo bundle (TLS+SRTP capture with the SSL key log, server cert, and CA for Wireshark interactive decryption). Hand-built in Scapy from documented address ranges (RFC 5737 / 3849 / 7042 / 2606) — safe to load, modify, and redistribute.

    securing-voip-pcaps.zip

  • Securing VoIP Wireshark profile

    Vol II

    Ready-to-import Wireshark profile tuned for security analysis. Adds four security-relevant custom columns (TLS handshake version, TLS cipher suite, SIP Identity / STIR-SHAKEN PASSporT, SIP auth scheme) to the standard column layout. Ships 36 color rules ordered by analyst priority — encrypted handshakes, attack-tool fingerprints, suspicious signaling patterns, and policy violations stand out at a glance. 28 pre-loaded filter bookmarks matching the most common analyst tasks from the chapter walkthroughs. Drop into your Wireshark profiles directory and switch via Edit > Configuration Profiles.

    Securing_VoIP_Wireshark_Profile.zip

  • Securing VoIP cheat sheet

    Vol II

    Two-page PDF quick reference. Side A: display filters grouped by analyst task — reconnaissance and tool fingerprints, SIP signaling analysis, media-plane analysis, encryption layer, network/L2 attacks, management-plane attacks, combined / policy-violation, statistical detection recipes, general workflow shortcuts. Side B: RFC 4733 telephone-event payloads, TLS/DTLS handshake message types, attack-tool user-agent fingerprints (SIPVicious svmap/svwar, sundayddr, sipsak, VoIP Hopper), IRSF/Wangiri country codes, default SNMP community strings. Designed to print double-sided on a single sheet.

    wireshark_securing_voip_cheatsheet.pdf

  • Capture-analysis workbook

    Vol II

    14 guided exercises, a TLS+SRTP decryption capstone (Exercise 15), and 3 synthesis exercises. Self-paced, with inline expected-findings checks at each step so readers can attempt-or-read-first per their preference. Exercises cover scanner identification, extension enumeration, digest hash harvest, RTP eavesdrop reconstruction, credit-card DTMF extraction, master-key cleartext capture, ARP spoof detection, VLAN hopping, IRSF and Wangiri fingerprints, AMI session reconstruction, provisioning-config extraction, toll-fraud and registration-hijack case investigations. Synthesis exercises build a SIPVicious detection ruleset, compare SDES cleartext vs TLS-wrapped key delivery, and trace an IRSF attack chain end-to-end.

    securing-voip-workbook.pdf

Capture safety

Every capture in the library is synthetic — hand-built in Scapy from documented address ranges (RFC 5737 for IPv4, RFC 3849 for IPv6, RFC 7042 for MAC addresses, RFC 2606 for hostnames). No customer data was ever touched. You can load these into any tool, modify them, and redistribute them freely.

Looking for Vol I resources? Network Analysis for VoIP Engineers is live with its own companion download set.

The VoIP Engineer's Library · Vol II

Read the book

Securing VoIP at Every Layer is available in paperback and Kindle on Amazon. These downloads pair with the book; the chapters are where the captures, filters, and case files become a structured defensive workflow.