No VoIP Streams in a recording session

asked 2021-05-04 11:48:20 +0000

Hi All,

I am fairly new to WireShark And IP generally. I am researching how VoIP carries speech information over the internet and recorded MS Teams calls through WireShark. When Loading the pcapng file there are no VoIP streams, RTP streams or SIP flows identified. In most packets, it seems that only UDP protocol is identified.
As suggested in the manual, I have tried decoding the packets as RTP from UDP but to no avail and I have also enabled the rtp_udp protocol and set 'Try heuristic sub-dissectors first' to True. Yet, still no streams are identified as VoIP calls.

Any suggestions of what may be the issue. If any additional information or data are needed, please let me know.

Many Thanks, Liam

edit retag flag offensive close merge delete


I am assuming that this is standard VOIP using RTP. Did you verify "enabled protocols" if RTP over UDP is enabled?

BigFatCat gravatar imageBigFatCat ( 2021-05-04 16:58:32 +0000 )edit

I would assume all communication from teams would be encrypted and there is mo guarantee any standard protocols are used.

Anders gravatar imageAnders ( 2021-05-04 18:41:34 +0000 )edit

@BigFatCat, Yes I have made sure the the entire file was re-processed with the RTP over UDP heuristic enabled. Still no luck. @Anders, if so then would I have needed a master-key or similar before starting recordings to enable decryption, yes? I assume that there is no way to get the packet information decrypted after the data has been collected? Also, in the future, would either of you recommend a specific method of transferring speech data through the internet so that WireShark recognises it as VoIP? Cheers, L.

liam_barrett gravatar imageliam_barrett ( 2021-05-05 09:21:39 +0000 )edit

I doubt a user would be able to decrypt a packet trace of an MS teams session as it being private is sort of the point. But this is pure guesswork. I do not know of any voip application communicating in clear text over the Internet. But have no detailed knowledge.

Anders gravatar imageAnders ( 2021-05-05 16:09:52 +0000 )edit

@Anders, cheers that clears a lot up - might be that the data I have just cannot be processed as VoIP then. This is OK as other measures have been made.
W.r.t. future use however, I think I may have miscommunicated my question. The issue originally, it seems, is that MS Teams has encrypted the packet data. For future research I will want to host a call over the internet and record this via WireShark. Of importance, I would like to record data that WireShark can recognise and process as VoIP & utilise its inbuilt analysis functions. Do you know a software for VoIP calls similar to MS Teams which would allow this without the encryption issue? Hope that makes sense. Thanks again for your help, L.

liam_barrett gravatar imageliam_barrett ( 2021-05-06 14:03:39 +0000 )edit