
Analysis of VoIP calls in Wireshark

While preparing for a podcast about VoIP, this short note suddenly came into being.



Sometimes you run into a problem with setting up a voice call. For reasons that are not clear at first, the call simply drops.



What do you do when the head-on methods have already been tried?


Dump.

And what is now inextricably linked with dumps? Wireshark.



A couple of years ago, we already had an article about working with this truly magical tool of the network engineer.

No harm in going over it again, is there?





SIP messaging process



The most telling part is, of course, the exchange of signaling messages and traffic.

Telephony → SIP Flows



Here you will see all the calls in this dump.





Take the second call as an example - it contains 27 packets, so it should be interesting. Click Flow.







For this rejected and insulted call, you can see the PRACK message that the SIP server (10.8.156.201) desperately keeps sending to the voice gateway (10.12.5.6), to which the latter responds with a meager "100 Trying". This is not normal - it should be 200.

Finally, the call ends with the message "500 Server Internal Error".



Not bad!



SIP Message Analysis



Generally speaking, you can simply open the messages one after another in Wireshark and check their contents.

Something like this:







But in reality, it would be much more convenient to open all messages in one window as text.

Analyze → Follow UDP Stream
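The text that Follow UDP Stream produces can also be checked by a script. The following is an added example, not part of the original article: it groups SIP messages by Call-ID and CSeq and flags the two symptoms described above, a PRACK that never receives a 200 and a 5xx response. It assumes messages are separated by blank lines and use full header names; the sample stream is constructed (the addresses are the ones from the article, while the Call-ID, CSeq numbers and `gw` user part are made up).

```python
import re
from collections import defaultdict

REQ = re.compile(r"^[A-Z]+ \S+ SIP/2\.0$")
RESP = re.compile(r"^SIP/2\.0 (\d{3})\b")

def msg(start, cseq, call_id="demo-1@10.8.156.201"):
    """Build one minimal SIP message (constructed test data)."""
    return f"{start}\r\nCall-ID: {call_id}\r\nCSeq: {cseq}\r\n\r\n"

# Constructed stream shaped like the call in the article: PRACK is only
# ever answered with 100 Trying, then the call dies with a 500.
SAMPLE = "".join([
    msg("INVITE sip:gw@10.12.5.6 SIP/2.0", "1 INVITE"),
    msg("SIP/2.0 183 Session Progress", "1 INVITE"),
    msg("PRACK sip:gw@10.12.5.6 SIP/2.0", "2 PRACK"),
    msg("SIP/2.0 100 Trying", "2 PRACK"),
    msg("PRACK sip:gw@10.12.5.6 SIP/2.0", "2 PRACK"),  # retransmission
    msg("SIP/2.0 100 Trying", "2 PRACK"),
    msg("SIP/2.0 500 Server Internal Error", "1 INVITE"),
])

def analyze(stream):
    """Group messages by (Call-ID, CSeq) and return a list of findings."""
    tx = defaultdict(lambda: {"sent": 0, "codes": []})
    for block in re.split(r"\r?\n\r?\n", stream.strip()):
        lines = block.splitlines()
        if not lines:
            continue
        hdr = {k.strip().lower(): v.strip()
               for k, _, v in (l.partition(":") for l in lines[1:])}
        key = (hdr.get("call-id"), hdr.get("cseq"))
        if None in key:
            continue  # SDP body or truncated message: not a transaction
        if REQ.match(lines[0]):
            tx[key]["sent"] += 1
        elif m := RESP.match(lines[0]):
            tx[key]["codes"].append(int(m.group(1)))
    findings = []
    for (call_id, cseq), t in tx.items():
        if cseq.endswith("PRACK") and not any(200 <= c < 300 for c in t["codes"]):
            findings.append((call_id, cseq, "PRACK never got 2xx", t["sent"], t["codes"]))
        for code in (c for c in t["codes"] if c >= 500):
            findings.append((call_id, cseq, f"server error {code}", t["sent"], t["codes"]))
    return findings

if __name__ == "__main__":
    for f in analyze(SAMPLE):
        print(f)
```

A `sent` count above 1 in a finding means the request was retransmitted, which matches the repeated PRACK visible in the flow graph.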







Voice from dump



Would you like to listen in on what is being said in the captured dump of a phone call? Nothing could be simpler... Actually no, plenty of things are simpler. Even keeping huskies is easier than capturing a dump and listening to it.

Anyway, in the previous window you need to click Player.

Then Decode.



In the next window you will see the spectrogram of the call.



The black rectangles are the ringback tone.







The window is divided into two tracks - the voice in each direction.

Select both tracks and click Play .

Would you like to export an audio file and share it with friends? Then head to the next section.



Analysis of the contents of the RTP stream



For the whole RTP stream, you can check the most important parameters - loss, delay, delay variation.

Telephony → RTP → Stream Analysis





If you still want to violate the privacy of the conversation and export the voice to an external file, click Save payload...



On the next screen, choose the .au format (it can later be opened in Windows Media Player or Audacity and converted to mp3 / wav). Both means that we save both directions of the voice.







All right, you are a master of VoIP.

Source: https://habr.com/ru/post/302198/


