Friday, November 13, 2015

Wiretapping IP Phones

It is possible to wiretap IP phones using Wireshark. If you have access to the network switch to which the target phone is connected, you can capture the packets on that interface and easily rebuild the conversation in Wireshark.

Here, my target phone is connected to Fa0/13 of a Cisco switch, and my PC is connected to Fa0/9.

I need to start a monitoring session that mirrors port Fa0/13 (the source) to port Fa0/9 (the destination) using the following commands.

S(config)#monitor session 1 source interface Fa0/13
S(config)#monitor session 1 destination interface Fa0/9

Start a Wireshark capture on the PC and wait for a call. You will see RTP in the Protocol field while a call is taking place.

When the capture is finished, save it and go to Telephony --> VoIP Calls

Click on a completed call and click on Player

Click Decode

You will see 2 streams, one for the Rx side and one for the Tx side. Tick a stream and hit Play

Note: Currently supported protocols for VoIP in Wireshark are SIP, H323, ISUP, MGCP & UNISTIM. Supported codecs are G711 A-Law & G711 u-Law only.
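
The monitor session configured above is visible in the switch's running configuration, so it can be audited for. As an added example (not code from the original post), this Python script parses SPAN entries out of a config dump and reports sessions whose destination port is not on an approved list; the sample config, the function names and the allowlist are assumptions.

```python
import re
from collections import defaultdict

# Constructed "show running-config" excerpt (sample input, not from a real switch).
# Session 1 mirrors the ports used in the post; session 2 is a made-up approved tap.
SAMPLE_CONFIG = """\
hostname S
!
interface FastEthernet0/9
 switchport mode access
!
monitor session 1 source interface Fa0/13
monitor session 1 destination interface Fa0/9
monitor session 2 source interface Fa0/20 , Fa0/21 rx
monitor session 2 destination interface Fa0/24 encapsulation replicate
"""

SPAN_LINE = re.compile(r"monitor session (\d+) (source|destination) interface (.+)")
# Interface tokens such as Fa0/13 or Gi1/0/2; keywords like rx/tx/both do not match.
IFACE = re.compile(r"\b[A-Za-z]+\d+(?:/\d+)*\b")

def parse_span_sessions(config_text):
    """Return {session_id: {"source": [...], "destination": [...]}}.
    Interface ranges ("Fa0/1 - 4") are not expanded; only the first port is listed."""
    sessions = defaultdict(lambda: {"source": [], "destination": []})
    for line in config_text.splitlines():
        m = SPAN_LINE.match(line.strip())
        if m:
            sid, role, rest = m.groups()
            sessions[int(sid)][role].extend(IFACE.findall(rest))
    return dict(sessions)

def audit_span(config_text, approved_destinations=frozenset()):
    """List (session, sources, destination) for every mirror whose destination
    port is not on the approved list (a hypothetical site-specific allowlist)."""
    findings = []
    for sid, ports in sorted(parse_span_sessions(config_text).items()):
        for dst in ports["destination"]:
            if dst not in approved_destinations:
                findings.append((sid, tuple(ports["source"]), dst))
    return findings

if __name__ == "__main__":
    for sid, srcs, dst in audit_span(SAMPLE_CONFIG, {"Fa0/24"}):
        print(f"unapproved SPAN session {sid}: {', '.join(srcs)} -> {dst}")
```

Run against periodic config backups, a new finding on a port that carries phone traffic is worth investigating, since G711 audio in plain RTP can be replayed by whoever receives the mirrored packets.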
