Wireshark: Listening to VoIP Conversations from Packet Captures

Sunday, June 24, 2012

Dan Dieterle


I have never done a lot with “Voice over IP” or VoIP systems, but ran into this recently and thought it was pretty cool.

A lot of telephones and communication devices now use VoIP to communicate over the internet. I was wondering how hard it would be to listen to a VoIP phone call if you had a packet capture that included the call.

How hard would it be, I wondered, to scan a packet capture, find the calls and be able to somehow listen to the call. Well, come to find out, it is not hard at all. The feature is built into Wireshark!

And they also include a file capture on their website so you can try it out.

So…. Let’s do it!

1. Download the sample capture from Wireshark’s website.

2. Run Wireshark and open the packet capture.

3. Now all you need to do is go to the menu bar, select “Telephony” and the “VoIP Calls”:

(click image to enlarge)

4. Okay, a list of calls from the packet capture will show up. Pick the one you want to listen to, in this sample the first one is the only one that really has a conversation:

(click image to enlarge)

5. Okay, easy peasy, just select the call you want, click “Player” then “Decode”:

(click image to enlarge)

6. The player screen shows up and shows the Waveforms of the conversation. You will have two, one for each side of the call. You can listen to each side individually, or if you tick both check boxes you can listen to the conversation as it plays out:

(click image to enlarge)

That’s it, if the VoIP conversation is in a protocol that WireShark understands, and is not encrypted, you can very simply isolate the call and listen to it via WireShark.

As always, do not try these techniques on a network or on systems that you do not have permission to do so. Also, check your local laws regarding communication privacy and telephony before trying something like this in real life.

Cross-posted from Cyber Arms

Possibly Related Articles:
Information Security
Hacking Tools Penetration Testing VoIP Surveillance WireShark Communications Deep Packet Inspection Pentesting
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.