Extracting a VOIP call from a Packet capture
When troubleshooting SIP/VoIP calls it is sometimes necessary to capture the call and send it to support. These captures can get really large, making them impossible to email and sometimes even to FTP. Whatever the case, extracting the call into a separate file can be very useful. In this tutorial I will walk you through extracting the call into a separate file.
Before you begin you will need some information
1. Packet capture (not covered in this guide)
2. Calling number
3. Called number
1. We will start off by creating a display filter using the calling number. In my example the display filter is sip.from.user == "8877". If you prefer, you can use the called number instead with sip.to.user == "7409". I have chosen to use the calling number.
2. Once the filter is applied, find the Call-ID of the SIP call in the SIP message header. Any SIP packet will work.
3. Right-click on the Call-ID and select Prepare as Filter > Selected.
5. Copy the display filter to Notepad; you will need it later.
6. With the display filter applied, find the first SIP/SDP packet (take note of the source and destination IP addresses). Open the Session Initiation Protocol (INVITE) section and navigate to [sip>message body>media description>media port]. Document this port; you will need it later. It is port 29818 in my example.
7. Find the SIP/SDP record where the other device in the trace replies back with its media port. Document this port for later use. In my example the source IP address is 192.168.48.51, the destination IP address is 192.168.165.163, and the port I am looking for is 22120.
8. Build your filter with what you have documented. You should have the Call-ID and the media ports for both devices. Modify the example filter with the data you gathered. Paste the filter into Wireshark and wait for it to filter out your call.
Example filter
sip.Call-ID == "8ee62780-b611d354-47f9c-3330a8c0@192.168.48.51" || udp.dstport == 29818 || udp.dstport == 22120
9. Once the display filter returns results, extract the selected packets into a separate file.
10. After the file is saved, open the new file in Wireshark. If any of the UDP packets did not decode as RTP, you can fix that by right-clicking on the packet and clicking Decode As (see below).
Select RTP in the Current dialog box and click OK.
11. After the UDP packets are decoded as RTP, select Telephony > VoIP Calls.
When the VoIP Calls window opens, select the only call you have and click Play Streams.
Wireshark RTP Player
Once you have the RTP player open you will be able to listen to the call.
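Steps 2 to 8 can be scripted once the two SIP/SDP messages are saved as text. The following is an added example, not part of the original tutorial: it reads the Call-ID and the audio media port from each message and builds the display filter. The sample messages are constructed from the tutorial's values, the helper names (parse_sip, build_filter, _sip) are hypothetical, and the optional strict mode goes beyond the tutorial by also matching the SDP connection address, so unrelated UDP traffic on the same ports is not carried into the file sent to support.

```python
import re

def parse_sip(msg):
    """Return (call_id, [(media_ip, audio_port), ...]) for one SIP message."""
    head, _, body = msg.replace("\r\n", "\n").partition("\n\n")
    # Call-ID header, including its compact form "i" (RFC 3261)
    m = re.search(r"^(?:Call-ID|i)[ \t]*:[ \t]*(\S+)", head, re.I | re.M)
    if not m:
        raise ValueError("no Call-ID header found")
    streams, session_ip, current = [], None, None
    for line in body.splitlines():
        if line.startswith("c=IN IP4 "):
            if current is None:
                session_ip = line.split()[2]   # session-level address
            else:
                current[0] = line.split()[2]   # media-level override
        elif line.startswith("m="):
            kind, port = line[2:].split()[:2]
            current = [session_ip, int(port.split("/")[0])]
            # port 0 means the stream was declined: no RTP to look for
            if kind == "audio" and current[1] != 0:
                streams.append(current)
    return m.group(1), [tuple(s) for s in streams]

def build_filter(messages, strict=False):
    """Display filter for one call; strict=True also pins the SDP address."""
    parsed = [parse_sip(msg) for msg in messages]
    call_ids = sorted({cid for cid, _ in parsed})
    if len(call_ids) != 1:
        raise ValueError("messages are not from one call: %s" % call_ids)
    terms = ['sip.Call-ID == "%s"' % call_ids[0]]
    for _, streams in parsed:
        for ip, port in streams:
            term = "udp.dstport == %d" % port
            if strict and ip:
                term = "(ip.dst == %s && %s)" % (ip, term)
            if term not in terms:
                terms.append(term)
    return " || ".join(terms)

def _sip(start_line, ip, port):  # builds a constructed sample message
    return "\r\n".join([start_line, "Call-ID: 8ee62780-b611d354-47f9c-3330a8c0@192.168.48.51",
        "Content-Type: application/sdp", "", "v=0", "c=IN IP4 " + ip, "t=0 0",
        "m=audio %d RTP/AVP 0" % port, ""])

INVITE = _sip("INVITE sip:7409@192.168.48.51 SIP/2.0", "192.168.165.163", 29818)
OK_200 = _sip("SIP/2.0 200 OK", "192.168.48.51", 22120)

if __name__ == "__main__":
    print(build_filter([INVITE, OK_200], strict=True))
```

With strict left at its default the function returns the same filter string as the tutorial's example filter.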
Was this article helpful? Please leave a comment below.
arminob
How to Solve People's Problems With Online Consumer Complaints?
I read this blog and this is really appreciate one. You have shared brief and good knowledge related to VOIP problems. I am running a small business in NYC and I got VOIP or Business Telephone Services from Setton Consulting. It is a good experience to work with them.
Very informative article, Which you have shared here about the VOIP. Your article is very informative and nicely describes the process of extracting voip call from packet capture. Alinevoice provides the best business telephone systems toledo at an affordable price.
This is a smart blog. I mean it. You have an excellent knowledge about this topic. Thanks for sharing such a great blogs to us. Best Business VoIP System
It's fascinating to see the technical aspects involved in analyzing and understanding VoIP communication. I couldn't agree more with the importance of capturing and dissecting these packets to gain insights and troubleshoot issues effectively.
When it comes to exploring different VoIP options, I highly recommend checking out providers that offer VoIP quotes. This enables businesses to compare and choose the most suitable VoIP solutions for their specific needs. It's essential to consider factors like call quality, reliability, scalability, and pricing. By leveraging VoIP quotes from various providers, organizations can make informed decisions that align with their communication requirements. Looking forward to more insightful articles like this!