This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How do I save one VOIP call easily?

0

I use tcpdump to capture traffic from my asterisk server that has multiple simultaneous calls on it at the same time. When I use wireshark I can easily listen to one call by clicking Telephony -> Voip calls.

But when I want to take that one call and save it as it's own stream, I continually have problems. It's not easy. I have to grab the ssrc for both calls, and create a filter and then export.... It's a PITA. Is there an easier way to do this? If not why?

asked 16 Nov '12, 08:45

technonick's gravatar image

technonick
1111
accept rate: 0%


3 Answers:

0

Well, try this for a change. Use menu Telephono|VoIP Calls, select the call you want. Get its flow and look for the associated media flow (thick RTP marked lines). Click that line and your packet list jumps to that packet. It's the RTP stream you're looking for. Now go to menu Telephony|RTP|Stream Analysis. This shows you the analysis of the RTP stream of the call, with the option to play, save, etc.

answered 16 Nov '12, 12:04

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

Thank you Jaap, but unfortunately that doesn't help, but thank you for trying. I'm looking to save the VOIP call data for the that individual call. What you suggested is close, but the options to save are a "raw" format and a .au format. I suspect these are audio formats. Not pcap steams. I'm trying to isolate the call in it's entirety.

(16 Nov '12, 16:44) technonick

So the question was "... and save it as its own packet stream,...". That's something for the wishlist or enhancement bug, I can't remember ever seeing such request. That should be a request for a "Prepare filter" on the RTP Stream Analysis window.

(18 Nov '12, 22:54) Jaap ♦

Not really an answer but I've made a guide on doing this just in case anybody out there isn't sure:

https://ask.wireshark.org/questions/40276/how-to-extract-a-voip-call-using-the-display-filter

Does anybody know how we raise this as a feature request/if one has been raised?

(05 Mar '15, 04:17) tarmongaidon

I think your "question" would have been much better placed as an answer to this question or even a question of your own, then folks could have voted your answer up and other folks searching for help might have found the "answer".

To make a feature request, first check, and then if there isn't an existing item, raise a new item on the Wireshark Bugzilla marking it as an enhancement.

(05 Mar '15, 04:38) grahamb ♦

Changed my question to an answer. Thanks Grahamb, I'll take a look.

(18 Mar '15, 07:36) tarmongaidon

0

answered 18 Mar '15, 08:40

tarmongaidon's gravatar image

tarmongaidon
6113
accept rate: 0%

0

With pcapsipdump you can capture each call in one file. Open it afterwards with wireshark. Maybe this is a comfortable way for you.

answered 18 Mar '15, 13:45

voiplover's gravatar image

voiplover
6113
accept rate: 0%