Wireshark: Listening to VoIP Conversations from Packet Captures

I have never done a lot with “Voice over IP” or VoIP systems, but ran into this today and thought it was pretty cool. A lot of telephones and communication devices now use VoIP to communicate over the internet. I was wondering how hard it would be to listen to a VoIP phone call if you had a packet capture that included the call.

How hard would it be, I wondered, to scan a packet capture, find the calls and be able to somehow listen to the call. Well, come to find out, it is not hard at all. The feature is built into Wireshark!

And they also include a file capture on their website so you can try it out.

So…. Let’s do it!

1. Download the sample capture from Wireshark’s website.

2. Run Wireshark and open the packet capture.

3. Now all you need to do is go to the menu bar, select “Telephony” and the “VoIP Calls”:

4. Okay, a list of calls from the packet capture will show up. Pick the one you want to listen to, in this sample the first one is the only one that really has a conversation:

5. Okay, easy peasy, just select the call you want, click “Player” then “Decode”:

6. The player screen shows up and shows the Waveforms of the conversation. You will have two, one for each side of the call. You can listen to each side individually, or if you tick both check boxes you can listen to the conversation as it plays out:

That’s it, if the VoIP conversation is in a protocol that WireShark understands, and is not encrypted, you can very simply isolate the call and listen to it via WireShark.

As always, do not try these techniques on a network or on systems that you do not have permission to do so. Also, check your local laws regarding communication privacy and telephony before trying something like this in real life.