This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Decoding Vonage call via PCAP

0

Hello,

I have an old phone call with my Grandfather (now passed - why I am trying to extract the audio) where I was recording the call to him via my Vonage line and Wireshark. This was from February of 2007 if that helps.

When opening the PCAP and selecting Telephony/VoIP calls, 0 calls are detected.

Just hoping someone may have an idea as to how I can extract this call as audio once again.

Thanks,

asked 07 Nov '15, 22:19

jamesbl's gravatar image

jamesbl
6112
accept rate: 0%


One Answer:

0

If you are 100% sure you took the proper .pcap file, I'd suspect an issue with VoIP call detection in your version of Wireshark (which is...?).

So try to use lower level tools to tell Wireshark which packets belong to the call: go to Statistics -> Conversations. A new window will open, select the "UDP: X" tab in that window (X is the number of UDP conversations detected), and click at the column header "packets A->B". This sorts the conversations starting from the shortest one, so click again to have the longest ones on top of the list.

Now select one of them (start from the longest one) and press the "Follow stream" button.

Another window will open, but what really interests us is that a display filter will be set for that UDP stream. So now return to the packet list. If the packets are not decoded as RTP (probably not but I don't know what the real trouble is), right-click any of them, and select "decode as" from the context menu. Find "RTP" in the rightmost list in the "decode as" window, select it and press "apply".

Now select any of the RTP packets in the list, go to Telephony -> RTP -> Stream analysis, you should get a new window with "Forward Direction" and "Reverse direction" tabs, and should be able to use "Player" and "Save payload" buttons.

Good luck.

answered 08 Nov '15, 00:37

sindy's gravatar image

sindy
6.0k4851
accept rate: 24%

edited 08 Nov '15, 01:09