Voice Over Internet Protocol (VoIP) is now a pervasive communications technique. You may not even be aware that you are using it. This module discusses the VoIP technology and how to use Wireshark to extract the VoIP session data from packet capture files.

The module addresses:

  • What is Voice Over IP (VoIP).
  • What protocols are used to control VoIP sessions (SIP, SDP, RTP).
  • What data can we extract from VoIP sessions.
  • What are the limitations on what can be extracted.

A basic knowledge of Wireshark, Internet Protocol (V4) and User Datagram Protocol (UDP) are assumed. The module includes embedded examples using the popular Nitroba University Harassment Case study.

Download the Nitroba PCAP Capture File and with Wireshark answer the following questions:

1.  Who is the VoIP Service Provider?
2.  Are the calls placed to an endpoint ultimately on the Internet, or on the telephone network?
3.  What does the audio stream contain for the call?
4.  Do both sides of the call talk? Why or why not?

For an additional challenge, set up your own pair of SIP phone devices and record a packet capture using Wireshark. There are many free SIP service providers (see http://www.voip-info.org) and free SIP phone applications.  SKYPE is NOT a SIP application (how is it different?). 

The author used: (1) X-Lite on a Windows 7 machine, which also hosted the Wireshark application to capture packets in/out of X-Lite; (2) iPhone SessionTalk ($US0.99; free version has a 60 second limit); and (3) A free SIP Service provider from getonsip.com. Be sure to configure all applications to turn off encryption and to use the G.711 codec for simplest information.

The Nitroba PCAP File can be obtained from:


The PCAP files, RFC document standards and some test resources are listed below. Wikipedia contains a good description of these topics as well that is quite readable.

Excellent General Information on VoIP:

Data Files:

Nitroba Case Study – PCAP file contains a VoIP Session:     

PCAP Files (Some with VoIP):

RFC Documentation on Protocols:

RFC 3261 – Session Initiation Protocol: 

RFC 3550 – Real-Time Transport Protocol: 

RFC 4566 – Session Description Protocol: 

ITU Standard on Codec:

ITU G.711: Pulse Code Modulation: 

If you want to play on your own, this was my test configuration for experimentation. There are many other providers and applications for all platforms for SIP telephony.

Free SIP Service Provider: 

iPhone SIP Application:  
    SessionTalk, SessionChat

Desktop SIP Phone Application: X-Lite 

You must Sign-In to post a comment.