Wireshark: Listening to VoIP Conversations from Packet Captures

I have never done a lot with “Voice over IP” or VoIP systems, but ran into this today and thought it was pretty cool. A lot of telephones and communication devices now use VoIP to communicate over the internet. I was wondering how hard it would be to listen to a VoIP phone call if you had a packet capture that included the call.

How hard would it be, I wondered, to scan a packet capture, find the calls and be able to somehow listen to the call. Well, come to find out, it is not hard at all. The feature is built into Wireshark!

And they also include a file capture on their website so you can try it out.

So…. Let’s do it!

1. Download the sample capture from Wireshark’s website.

2. Run Wireshark and open the packet capture.

3. Now all you need to do is go to the menu bar, select “Telephony” and the “VoIP Calls”:

4. Okay, a list of calls from the packet capture will show up. Pick the one you want to listen to, in this sample the first one is the only one that really has a conversation:

5. Okay, easy peasy, just select the call you want, click “Player” then “Decode”:

6. The player screen shows up and shows the Waveforms of the conversation. You will have two, one for each side of the call. You can listen to each side individually, or if you tick both check boxes you can listen to the conversation as it plays out:

That’s it, if the VoIP conversation is in a protocol that WireShark understands, and is not encrypted, you can very simply isolate the call and listen to it via WireShark.

As always, do not try these techniques on a network or on systems that you do not have permission to do so. Also, check your local laws regarding communication privacy and telephony before trying something like this in real life.

6 thoughts on “Wireshark: Listening to VoIP Conversations from Packet Captures”

  1. Very interesting post. It’s no secret that VOIP calls are vulnerable to eavesdroppers. Just about anybody can listen in on VOIP calls.
    And yet few people really take the time and effort to use and implement the available encryption tools.

    I my opinion developers need to focus even more on VOIP security. Instead they are struggling to deliver quality of service on VOIP so that their products will be commercially viable.

Leave a Reply to D. Dieterle Cancel reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.