VoIP calls, using the network protocols SIP/SDP and RTP, are the de facto standard when it comes to voice calls. Wireshark offers some special features to analyze those calls and RTP streams – even with a nice “Play Streams” option, which discreetly decodes your calls. Ouch. Again and again, it is frightening which privacy-related protocols are completely unencrypted on the Internet!
Here are some hints for Wireshark as well as a downloadable pcap with three calls in there. ;) Have fun!
I won’t explain any SIP/SDP/RTP details here. There is much information out there already. I basically want to share a pcap to play with, along with some Wireshark screenshots.
Download the pcap, 7zipped, 473 KB:
Open it with Wireshark and go to Telephony -> VoIP Calls to get this overview:
You can either have a look at the Flow Sequence:
Or you hit the “Play Streams” button to actually listen to the calls in the RTP Player. Wuh:
I have three VoIP calls in the pcap: two G.711A streams and one HD stream with G.722.
Another way to have a look at the RTP details is to open Telephony -> RTP -> RTP Streams, click the stream of interest, followed by “Find Reverse” and then Analyze:
This gives you details about the jitter, losses, etc.:
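To show where such loss and jitter figures come from, here is an added example (not part of the original post, and not Wireshark's code) that parses the unencrypted RTP header and computes packet loss and the RFC 3550 interarrival jitter. The function names and the sample packets are constructed for illustration; the sample is a G.711A stream (payload type 8, 8000 Hz clock) with one dropped and one delayed packet.

```python
import struct

def parse_rtp(raw):
    """Parse the 12-byte fixed RTP header (RFC 3550, section 5.1)."""
    if len(raw) < 12:
        raise ValueError("shorter than the fixed RTP header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", raw[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    return {"pt": b1 & 0x7F, "seq": seq, "ts": ts, "ssrc": ssrc}

def extend_seq(seq, max_ext):
    """Map a 16-bit sequence number to the extended value nearest max_ext."""
    ext = (max_ext & ~0xFFFF) | seq
    if max_ext - ext > 0x8000:
        ext += 0x10000      # counter wrapped forward
    elif ext - max_ext > 0x8000:
        ext -= 0x10000      # late packet from before the wrap
    return ext

def analyze_stream(packets, clock_rate=8000):
    """packets: (arrival_seconds, rtp_bytes) tuples of one SSRC, in arrival order."""
    base = max_ext = prev = None
    received, jitter = 0, 0.0
    for arrival, raw in packets:
        h = parse_rtp(raw)
        received += 1
        if base is None:
            base = max_ext = h["seq"]
        else:
            max_ext = max(max_ext, extend_seq(h["seq"], max_ext))
            # RFC 3550 6.4.1: D = arrival spacing minus timestamp spacing
            ts_delta = ((h["ts"] - prev[1] + 2**31) % 2**32) - 2**31
            d = (arrival - prev[0]) * clock_rate - ts_delta
            jitter += (abs(d) - jitter) / 16
        prev = (arrival, h["ts"])
    if base is None:
        raise ValueError("no packets")
    expected = max_ext - base + 1
    return {"expected": expected, "received": received, "lost": expected - received,
            "jitter_ms": jitter / clock_rate * 1000}

def constructed_sample():
    """Six 20 ms G.711A packets (PT 8); #2 is dropped, #4 arrives 5 ms late."""
    out = []
    for i in range(6):
        if i != 2:
            hdr = struct.pack("!BBHII", 0x80, 8, (65533 + i) & 0xFFFF, 1000 + 160 * i, 0x1234ABCD)
            out.append((0.020 * i + (0.005 if i == 4 else 0), hdr + b"\xd5" * 160))
    return out

print(analyze_stream(constructed_sample()))
```

The sample starts at sequence number 65533 so that the 16-bit counter wraps mid-stream, which a naive `max - min` loss count would get wrong.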
Of course, the great Wireshark dissectors work for all protocol details as well, e.g., the SIP packet details: