Analysis of VoIP calls in Wireshark.
SIP messaging process
The most revealing part is, of course, the exchange of signaling messages and traffic.
Telephony → SIP Flows
Here you will see all calls from this dump.
Let's take the second call as an example: it has 27 packets, so it should be interesting. Click Flow.
For this rejected and abused call, you can see the PRACK message desperately sent by the SIP server (10.8.156.201) to the voice gateway (10.12.5.6), to which the latter responds with a meager “100 Trying”. This is not normal: it should be 200.
And finally, the call ends with the message “500 Server Internal Error”.
Not bad!
SIP message analysis
Generally speaking, you can simply open the messages one after another in Wireshark and check their content.
Like this:
But in reality it would be much more convenient to open all messages in one window as text.
Analyze → Follow UDP Stream
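The check made by eye in the flow above (a PRACK that only ever gets “100 Trying”, and a call that ends in a 5xx) can also be run over the text saved from Follow UDP Stream. This is an added example, not part of the original article; the sample flow, its Call-ID, the request URI and the function names are constructed, and only the two IP addresses come from the text.

```python
import re
from collections import defaultdict

START = re.compile(r"^(?:([A-Z]+) \S+ SIP/2\.0|SIP/2\.0 (\d{3}) [^\r\n]*)\r?$", re.M)
CALL_ID = re.compile(r"^Call-ID\s*:\s*(\S+)", re.M | re.I)
CSEQ = re.compile(r"^CSeq\s*:\s*(\d+)\s+([A-Z]+)", re.M | re.I)

def sample_msg(start, cseq):
    """Constructed message (invented Call-ID) with only the headers audit() reads."""
    return f"{start}\r\nCall-ID: constructed-1\r\nCSeq: {cseq}\r\n\r\n"

SAMPLE = "".join(sample_msg(s, c) for s, c in [
    ("INVITE sip:gw@10.12.5.6 SIP/2.0", "1 INVITE"),
    ("SIP/2.0 183 Session Progress", "1 INVITE"),
    ("PRACK sip:gw@10.12.5.6 SIP/2.0", "2 PRACK"),
    ("SIP/2.0 100 Trying", "2 PRACK"),
    ("PRACK sip:gw@10.12.5.6 SIP/2.0", "2 PRACK"),  # retransmission
    ("SIP/2.0 500 Server Internal Error", "1 INVITE"),
    ("ACK sip:gw@10.12.5.6 SIP/2.0", "1 ACK")])

def transactions(text):
    """Group requests and responses by (Call-ID, CSeq number, CSeq method)."""
    tx = defaultdict(lambda: {"sent": 0, "statuses": []})
    starts = list(START.finditer(text))
    for m, nxt in zip(starts, starts[1:] + [None]):
        chunk = text[m.start():nxt.start() if nxt else len(text)]
        cid, cseq = CALL_ID.search(chunk), CSEQ.search(chunk)
        if not (cid and cseq):
            continue  # truncated message, cannot be placed in a transaction
        t = tx[(cid.group(1), int(cseq.group(1)), cseq.group(2).upper())]
        if m.group(2):
            t["statuses"].append(int(m.group(2)))  # response: keep status code
        else:
            t["sent"] += 1  # request, retransmissions included
    return tx

def audit(text):
    """Flag requests with no final (>= 200) response and any 5xx/6xx final."""
    findings = []
    for (cid, num, method), t in transactions(text).items():
        if method == "ACK":
            continue  # an ACK is never answered
        finals = [s for s in t["statuses"] if s >= 200]
        if t["sent"] and not finals:
            findings.append((cid, num, method, f"sent x{t['sent']}, only {t['statuses']}"))
        findings += [(cid, num, method, f"failed with {s}") for s in finals if s >= 500]
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

To use it on a real capture, save the Follow UDP Stream window as ASCII text and pass the file's contents to `audit()`.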
Voice from the dump
Would you like to listen to what is being said in the captured phone call dump? There is nothing simpler … But no, many things are much simpler than this. Even keeping a husky is easier than collecting and listening to a dump.
In the previous window, click Player.
Then Decode .
In the next window, you will see the spectrogram of the call.
The black rectangles are CPV.
The window is divided into two tracks — voices in different directions.
Select both tracks and press Play .
Would you like to export an audio file and share it with your friends? To the next section.
RTP stream content analysis
For the entire RTP stream, you can check the most important parameters: losses, delays, and delay variation.
Telephony → RTP → Stream Analysis.
If you still want to break the secrecy of negotiations and export the voice to an external file, click Save payload…
On the next screen, select the .au format (the file can later be opened in Windows Media Player or Audacity and converted to mp3 / wav). Both means that we keep both directions of the voice.