Wireshark is a tool that is widely used in the field of cyber security for analyzing traffic over different networks, which may be wired or wireless. This software is available for free to its users and has numerous tools to analyze data packets flowing from one point to another. Apart from analysis, it is also used for protocol development, troubleshooting, and understanding communication among systems. It is open-source software written in the C and C++ programming languages. Originally it was known as Ethereal.
VoIP calls, or Voice over Internet Protocol calls, are a system of communication that enables users to make voice calls to other users over an internet connection, which means a user no longer requires a phone line. A common example is WhatsApp Calls.
VoIP Calls Window in Wireshark:
It is a window in Wireshark that allows the user to analyze VoIP calls that are captured in the traffic. Wireshark separates the captured VoIP call data from the rest of the traffic and shows it in the VoIP Calls window. This is done through analysis of the signaling together with the RTP streams. RTP is the Real-time Transport Protocol, which allows systems to send and receive audio and video data over the network.
It can be found under the Telephony tab in Wireshark.
After that, click on VoIP Calls, and a window appears listing the captured VoIP calls.
A lot of information can be gathered from here, such as:
- Start Time: It depicts the time when Wireshark started capturing VoIP calls.
- Stop Time: It depicts the time when Wireshark stopped capturing VoIP calls.
- Initial Speaker: It shows the IP address of the speaker, either the call receiver or the sender.
- From: It is the IP address and other information related to the sender.
- To: It contains the receiver’s IP address and related information.
- Protocol: It shows the protocol used to make VoIP calls. Some supported protocols are SIP, H323, ISUP, MGCP, UNISTIM, etc.
- Duration: It shows the time period until the call ended or Wireshark stopped capturing data packets.
- Packets: It shows the count of captured data packets.
- State: It depicts the state of the call, like ringing, in call, on hold, etc.
- Comments: Wireshark gives comments about the status of the call so that the packet analyzer can understand it easily.
Along with this information, there is a filter option that allows users to filter these VoIP calls on different parameters for deep analysis. Users can also copy the captured data in CSV or YAML format.
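To make the signaling analysis and the columns listed above concrete, the following sketch (an added example, not Wireshark's own code and not part of the original article) groups constructed SIP messages by Call-ID and derives one summary row per call. The sample packets, addresses, helper names and state labels are assumptions made for the illustration, and only SIP signaling is handled, not RTP.

```python
import re

def sip(start_line, cseq, call_id):
    """Build a minimal constructed SIP message (sample input, not a real capture)."""
    return (f"{start_line}\r\nFrom: <sip:alice@example.test>;tag=a1\r\n"
            f"To: <sip:bob@example.test>\r\nCall-ID: {call_id}\r\nCSeq: {cseq}\r\n\r\n")

# Constructed packets: (time in seconds, source IP, SIP text).
PACKETS = [
    (0.0, "192.0.2.10", sip("INVITE sip:bob@example.test SIP/2.0", "1 INVITE", "call-1")),
    (0.1, "192.0.2.20", sip("SIP/2.0 100 Trying", "1 INVITE", "call-1")),
    (0.5, "192.0.2.20", sip("SIP/2.0 180 Ringing", "1 INVITE", "call-1")),
    (3.0, "192.0.2.20", sip("SIP/2.0 200 OK", "1 INVITE", "call-1")),
    (3.1, "192.0.2.10", sip("ACK sip:bob@example.test SIP/2.0", "1 ACK", "call-1")),
    (12.0, "192.0.2.10", sip("BYE sip:bob@example.test SIP/2.0", "2 BYE", "call-1")),
    (12.5, "192.0.2.20", sip("SIP/2.0 200 OK", "2 BYE", "call-1")),
    (20.0, "192.0.2.10", sip("INVITE sip:bob@example.test SIP/2.0", "1 INVITE", "call-2")),
    (20.25, "192.0.2.20", sip("SIP/2.0 403 Forbidden", "1 INVITE", "call-2")),
]

def header(text, name):
    """Return the value of a SIP header, or None if it is absent."""
    m = re.search(rf"^{re.escape(name)}:\s*(.+?)\r?$", text, re.M | re.I)
    return m.group(1) if m else None

def summarize(packets):
    """Group SIP packets by Call-ID and derive one summary row per call."""
    calls = {}
    for ts, src, text in packets:
        call_id, cseq = header(text, "Call-ID"), header(text, "CSeq")
        if not call_id or not cseq:
            continue  # not usable signaling, skip it
        row = calls.setdefault(call_id, {
            "Start Time": ts, "Initial Speaker": src, "From": header(text, "From"),
            "To": header(text, "To"), "Protocol": "SIP", "Packets": 0, "State": "CALL SETUP"})
        row["Stop Time"], row["Packets"] = ts, row["Packets"] + 1
        first, method = text.split("\r\n", 1)[0], cseq.split()[-1]
        if first.startswith("SIP/2.0 ") and method == "INVITE":
            # Only responses to the INVITE move the call state forward.
            code = int(first.split()[1])
            if code >= 300 and row["State"] != "CANCELLED":
                row["State"] = "REJECTED"
            elif code == 180 or 200 <= code < 300:
                row["State"] = "RINGING" if code == 180 else "IN CALL"
        elif first.split()[0] in ("BYE", "CANCEL"):
            row["State"] = "COMPLETED" if first.startswith("BYE") else "CANCELLED"
        row["Duration"] = row["Stop Time"] - row["Start Time"]
    return calls
```

Calling `summarize(PACKETS)` returns a dictionary keyed by Call-ID; a run of short calls that end rejected from the same initial speaker is the kind of pattern an analyst would filter for.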