Steps of Playing VoIP Calls in Wireshark

You can use Wireshark to play any codec that an installed plugin supports. You can save decoded audio in the.au file format using Wireshark. It only supported saving audio using the G.711 codec before version 3.2.0; starting with 3.2.0, it supports saving audio using any codec with 8000 Hz sampling. RTP Player is the name of the VoIP call playback application. RTP streams and their waveforms are displayed, and the stream can be played and exported as audio or as a payload to a file. The supported codecs determine its capabilities. Depending on the Wireshark version you’re running, several codecs are supported. The custom/distribution builds may not have all the codecs maintained by the Wireshark developers, but the official builds do. Following are the steps to check your Wireshark:

• A window labeled menu Help → About Wireshark
• Go to the Plugins tab
• Choose “Codec” under “Filter by type”

 

RTP Streams:

RTP stream analysis can be performed using Wireshark. One or more streams can be chosen by the user and played at a later time. To accomplish this, the RTP Player window keeps a playlist (list of RTP streams). When the RTP Player window is opened, a blank playlist is produced, and when the window is closed, it is destroyed. When not required, the RTP Player window can be opened in the background and then brought to the front. The playlist is kept up while it is life. When the RTP Player window is opened, the playlist can be changed in three different ways from other tools (Wireshark windows):

• The button Play Streams → Set playlist deletes the current playlist and adds streams that you have decided on in the tool.
• The button Play Streams → Add to playlist adds streams that you have decided in the tool to the playlist. The same streams are not repeated when duplicated.
• The button Play Streams → Remove from playlist deletes the streams selected in the tool from the playlist if they are in the playlist.

 

Directly clicking the Play Streams button opens the RTP Player window with the Set playlist function. The tiny down arrow next to the button can be used to pick any action. There is no distinction between Set playlist and add to playlist when the playlist is empty. All three of the aforementioned methods open the RTP Player window when it isn’t already. Removing from the playlist is helpful, for instance, if the user has selected all RTP streams and wants to eliminate RTP streams from particular VoIP Calls.

Tools:

The tools listed below can be used to update the playlist’s content; they include a Play Streams button. One of the following methods can be used for this purpose.

• Open the Telephony → RTP → RTP Streams pane, which will display all streams in the capture. Choose one or more streams, then click Play Streams. Several streams are added to the playlist.
• Open the Telephony → RTP → Stream Analysis window by selecting any RTP packet from the packet list. It will display an analysis of the specified forward and reverse streams (if Ctrl is pressed during window opening). Then click Play Streams. The forward and reverse streams have been added to the playlist.

The various tools include- VoIP Calls dialog, SIP Calls dialog, Flow Sequence dialog, RTP Player dialog, and more.

Playing Audio While Live Capturing:

Unlike other Wireshark dialogues, the dialogs are not refreshed automatically during live capture; instead, the user must start it. 

The copy is made or refreshed, and the dialog is updated:

• When the window is opened.
• When a new stream is added or configured.
• When the Refresh streams button is pushed during live capture.
• Every time a user finishes/stops live capture.

When a capture file is opened (no active capturing), all streams are read complete, with no user intervention required. The button Refresh Stream is disabled since it is ineffective. 

When live capture is enabled, streams are read and displayed only up to “now.” When the broadcast is continuous and the user wants to watch more, they must use the Refresh stream button. When the user exits live capture, the screen is refreshed and the button is deactivated.

RTP Decoding Settings:

To play decoded data, an RTP Player has to store it somewhere. When data are decoded, audio samples and a lexicon are available for quick navigation. Although Wireshark can be configured to keep either type of data on the disc, it is often saved in memory. 

Below mentioned are the two settings for this purpose:

1. ui.rtp_player_use_disk1 – Audio samples are stored in memory when set to FALSE (the default). When TRUE is selected, audio samples are saved to a temporary file.
2. ui.rtp_player_use_disk2-Dictionary storage is enabled when set to FALSE (the default). Dictionary is saved to a temporary file when the value is set to TRUE.

When any data are set up to be stored on a disc, each stream receives its own file. Consequently, for each RTP stream, there could be up to two files (audio samples and dictionary). ​

VoIP Processing Performance and Related Limits:

The Resources are needed for RTP processing and RTP voice coding. You can use rough estimations as a general reference. ​

• The RTP Streams window can display as many streams as there are in the capture. Its performance is just constrained by memory and CPU.
• RTP Player can support 1000+ streams, but keep in mind that waveforms in this scenario are very tiny and difficult to distinguish.
• RTP Player uses the OS sound system to play audio, and the OS is responsible for mixing audio when various streams are played. In many circumstances, the number of mixed streams that the OS sound system can play/mix is limited. RTP Player attempts to handle playback problems and displays a warning. If this occurs, simply mute select streams and resume playback.
• The RTP Analysis window can accommodate 1000+ streams, but it is tough to use with so many streams-navigating between them is challenging. The RTP Analysis window is expected to be utilized for the analysis of the lower tens of streams.