In this video I demonstrate how to listen to RTP voice streams in Wireshark. I cover how to pick a good capture point on the network, then how to select and listen to the audio stream.
Sample capture can be found here under 'SIP and RTP':
wiki.wireshark.org/SampleCapt...
I was thinking of setting up VOIP this year for the home office. Perfect timing! This should be very fun to mess around with in the lab! Thank you very much for the informative video!
You should!
Incredible, thanks for the demo!
You’re welcome!
wow amazing example love your channel!!!!!!🎉🎉
Thanks!
This is gonna be fun!!!
Wireshark should definitely match rtp streams whenever it notices pairs like that. The window is already found under "telephony", it's not a stretch to presume auto-highlighting pairs of streams would be useful lol
Oh agreed 100%
Seriously cool bro
You are real pro...interesting
Really good video
Thanks!
Wow. Thank you so much.. 👍
You are so welcome!
Amazing video sir 👍 support from India 😀
Thank you!
@@plaintextpackets big fan sir love from India 🇮🇳 😊❤❤❤
Sick stuff, im subbing. You think you could do a Wireshark101 series? That would be very helpful.
I’m thinking about it! I’m getting better at the production stuff so makes it easier to fit in videos in my spare time
Juan is still trying to find which one are they testing
Would a capture of managed switch port mirror would work also, or would you just get one side of the data? A mirror of a port that one of the parties is connected to of course
Yes this would work if you mirror the actual access port connected to one of the PCs. If you mirror a port at the distribution or core layers you may miss one direction.
Cooool 🎉🎉🎉
Hi,sir . I’ve get two tiny questions. Is the SBC in my window pc primarily or I should download one? And sir you click the “telephony-RTP-RTP Streams” to find the streams instead of using filter Protocol==RTP , how could understand “RTP”, is something in protocol or it is protocol itself?🤔️ Thanks so much ,
cool videos more plz
Sure!
Thumbs Up
please do you have a CCNA videos?
I did my CCNA years ago and would probably fail now 😅
How do I intercept other user not necessary my own conversation , but communication with party in the same network with me
A few years ago I had to set up an analog fax over VoIP. I had trouble getting It working (turned out to be delay, echo and telephone port impedance). Is there a way that Wireshark can decode analog modulated data over VoIP like fax and modems?
That’s a good question, I believe you’d have to use like a VoIP converter to capture the traffic which would defeat the point
@@plaintextpackets The ATA used was a Grandstream HT-801. Here in Germany a huge number of fax machines are still in service. Even after the landline and ISDN networks are almost completely phased out. Mostly the ISP provided routers have ATAs integrated, some even have S0 ports for ISDN like the Fritzbox 7590. These devices are mostly plug and play. That makes the use of telephones and fax machines pretty easy. And yes an analog piece of paper digitized by a fax machine which then modulates an analog audio signal into and ATA which converts it to digital VoIP sends it over the internet and then everything in reverse sounds stupid. But the fax system has some qualities that modern IT still lacks. When i debugged it I used Wireshark to export the audio from the RTP stream and used an obscure tool (forgot the name) to debug the fax handshake.
Yeah if you can get the RTP portion of it then you can at least see if it is a handshake problem. But if the analog piece has signal quality issues you won't necessarily see that
Wow, well done! Fantastic demonstration. In fact I can understand the conversation because that's my native language lol. Following the invitation at the end of your video, I had an issue a few weeks back and I captured the packets. The problem was at the other end but I'd like to understand who was sending a reset. How could I upload the pcap file? Long story short: we couldn't send emails just to a specific domain
Thank you Fabian! If you'd like to send in a file, you can do so here: www.dropbox.com/request/eB1ZFDicpOJ5nnft5eSp I would be happy to provide the analysis for free, with the condition that I can present the findings on the channel. Let me know!
Thank you @@plaintextpackets! I just uploaded the file. Unfortunately many packets are size limited because I didn't configure monitor capture properly on the switch. I hope it contains enough information
No problem. Is there a specific conversation you’re focusing on (source Ip / destination Ip), timestamp or protocol?
@@plaintextpackets so sorry. I just realized I sent the unfiltered conversation. In a couple of minutes I will upload just the filtered packets
@fabiantoro7146 check out my latest video, I reviewed your problem!
How would you get wireshark to sniff the traffic of another device? In this case the router or middleman device?
From the router: the router would either need to support packet capture via gui or a CLI tool like tcpdump. Some modern or small business routers have this capability, most enterprise ones do as well. If you’re somewhat advanced you can look up how to turn an old Linux box or a raspberry pi into a Linux network tap. That would allow you to capture the traffic by placing the tap between your router and PC. There are professional taps but they are $$$&.
What types of call does this work with ? WhatsApp is encrypted right ? And so are normal calls (non wifi) So what kind of calls does this work on ?
RTP is used by voip phones in large enterprises, schools, hospitals, etc
How can we capture the same packet with our pc? Without using any existing files can you please show it live, That you are capturing RTP etc etc
I’ll post a video on this soon.
What if the pdrson uses a vpn then you cant decrypt the traffic correct?
That’s correct if they are using a VPN you will see those packets and not RTP, eg IPSEC or TLS, etc
@@plaintextpackets In fact, that's what happens if you try to capture WiFi calling cell phone calls (I've tried). WiFi calling is VoIP encrypted with IPSec.
Do you have another channel where I can follow you? Discord, Reddit?
Discord! Check the description
wow
I want to try
Sure!
Ip phone only? Viber call?
Yes this will only work with ip phones using RTP
Does the device need to be connected to same network as the pc ?
As shown in the video this only works if you are capturing from the PC where the call is taking place. If you want to sniff the traffic from another PC you need to do something like ARP poisoning
@@plaintextpackets so I won't be able to hear any phone calls made on smartphones?
Nope
Whats the best way to defend against this? SRTP, TLS?
Any sort of encrypted voice protocol. Many web-based voice apps are encrypted.
Can a vpn app or other apps perform this since it is connected in ?
Can you restate the question?
@@plaintextpackets if i install a vpn application and since it is connected to my network can they do such things as you did in my network
If the vpn client is installed on your PC then no they won’t be able to see the traffic. This is why you should use VPN when in public networks like airports or coffee shops
How can I contact with you brother?
plaintextpackets@gmail.com
@@plaintextpackets you don't have telegram for easy contact brother?
No unfortunately I don't
@@plaintextpackets brother I have sent you message
In order to determine if the target is using rtp we would type rtp in wireshark right
Yep you can use ‘rtp’ as your display filter
@@plaintextpackets would this work against the text now app how would we do that
is it not enceypted at all? what about whatsapp calls?
RTP traffic is generally unencrypted within networks (companies, school campuses, etc). If exchanged over the internet or insecure networks vendors are likely to use encryption. WhatsApp uses its own proprietary protocol which is encrypted
Whatsapp is end-to-end encrypted from user a to user b. But in realty you can’t trust nobody . It’s a question about time. They stored NOW our data in hope that one day when the encrypt key ist locked up they can’t see what is written befor. All what we write and all what we say is in the end all zero and one . In the future when quantum computer encrypt from today some standard encrypt methods is it easy to go back and lock what is written befor.
I believe WhatsApp uses the same encryption as Signal
@@karim6514Well, they claim to use it. They say they use the signal-protocol, but since Signal is Open source, they are free to temper with that as they wish
But yes, it's end to end encrypted
Wow who designed your thumbnail?
Dall-E 😁
Ai
Ai
00:53 I heard it as "and you should cease to exist💀"
Lool
what kind of call is this?
Digital voice call using the RTP protocol
Im trying to set these up for companies.... All of the good ones to monitor calls for better customre service 😂😂
skip to 4:27
Can this be used as a method of parental controls?
It could if your kids were using VoIP, but you would need to capture their traffic continuously and store it somewhere. We do it at the Enterprise level but it is costly.
why when i open RTP streams its not showing anything?
You may not have RTP packets present in the capture.
@@plaintextpackets dose it work on whatsapp and Instagram voice calls?
Nope
For educational purposes only wink wink
To be really good in networking and security you need to know how to break things
Do we need external hardware to capture?
No you can capture from Wireshark or tcpdump if you have access to the pc. I will make a video showing how in the near future
will wait for that video@@plaintextpackets
Please give me a example that a PC to PC call means which application they use for conversation and is there any dedicated device required to take the captured and later analysis using Wireshark.??
I will do a part 2 to this video
i know thats isp and even any intellgence can capture my phone call on any network or host .. doesnt matter ...😐😐 😊
👀
Would this work for discord?
Unfortunately no, Discord uses an encrypted audio codec: discord.com/developers/docs/topics/voice-connections
I’m new at wire shark so do you use wireshark
Can we sniff volte packets too 😊
how bout you demonstrate not using AI for your thumbnails
I have no art skills!
Can I listen to normal calls of mobile phones? Like Android to Android, iPhone to iPhone, Android to iPhone or telephone etc?
No, cellular voice calls from modern cellphones are all encrypted
@@plaintextpackets is there any way to listen to them without touching or hacking the target phone? Because I'm in urgent need of that, (some family issues has to be solved with solid evidence) any way to crack the encryption?
@@rashidbinzaiyed7149you would need a setup to capture the data and depending if it's a 3/4/5g connection a good amount of time to brute force the encryption. It's doable but it takes time and if you are caught you will probably spend a few years in prison.
@@rashidbinzaiyed7149 rashid XDD ofc indian guy rofl
Great vid. New sub, you have discord channel?
Thanks! No but good suggestion I’ll make one soon
discord.gg/QgAnHXke @MrXtahsee
shhhhhhhhhhhhet