What I am trying to do is capture the WAV data of a phone conversation on a VOIP network using SharpPCap/PCap.Net.

We are using the H.323 recommendation and my understanding is that voice data is located in the RTP packets. However, there is no way to heuristically determine if a UDP packet is an RTP packet, so we have to do more work before we can capture the data.

The H.323 recommendation apparently uses a lot of traffic on specific TCP ports to negotiate the call before the WAV data is sent via RTP. However, I am having very little luck determining what data is actually sent on those TCP ports, when it is sent, what the packets look like, how to handle it, etc.

If anyone has any information on how to go about this I'd really appreciate it. My Google-Fu seems to be failing me on this one.

+3  A: 

Wireshark is your friend... I imagine it still has a plugin that will allow you to select a VoIP stream and then save to file. The fun part will be if you are using a switched network.

Wireshark + VoIP

Matthew Whited
I am sorry. I must not be making myself clear. I do not want to use Wireshark. I need to actually write software that performs this task of saving the WAV files of these phone conversations. I do not see how Wireshark helps me in this regard. Am I misunderstanding your suggestion?
Chris Holmes
Well, Wireshark is open source, so I'm sure you can find what you need in there. Also, the protocol decoding is in Wireshark as well. (And you could even use the packet data to decode the packets yourself.) The problem with most VoIP is it will be UDP on a switched network. Rather difficult to sniff off the wire.
Matthew Whited
A: 

You have to parse the H.323 OLC message from both sides; then you will be able to know what packets to capture.

Boris
Thanks Boris. I think I'm going about it differently, but I think what I am doing is going to work. Right now I am able to detect the RTCP packet via the header (packet type, 2nd byte) and then look for the SDES. The SDES will have the CNAME, and that gives me the unique phone. I also can then get the SSRC and start grabbing all the RTP packets with the same SSRC. Hopefully that allows me to do what I want and capture the WAV data. Haven't finished it yet. We'll see.
Chris Holmes
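
The approach described in the last comment (recognise RTCP by its packet-type byte, read the CNAME and SSRC from the SDES, then keep the RTP packets carrying that SSRC), written out as an added Python example that is not code from this thread. It works on raw UDP payload bytes as a capture library would hand them over; the function names, SSRC values and CNAME are assumptions, and the sample datagrams are constructed.

```python
import struct

def sdes_cnames(dgram):
    """Walk a compound RTCP datagram; return {ssrc: cname} from its SDES packets."""
    found, off = {}, 0
    while off + 4 <= len(dgram):
        b0, ptype, words = struct.unpack_from("!BBH", dgram, off)
        end = off + 4 * (words + 1)
        if b0 >> 6 != 2 or not 200 <= ptype <= 204 or end > len(dgram):
            break                                    # not RTCP v2, or truncated
        pos = off + 4
        for _ in range(b0 & 0x1F if ptype == 202 else 0):   # SDES: one chunk per source
            if pos + 4 > end:
                break
            ssrc, = struct.unpack_from("!I", dgram, pos)
            pos += 4
            while pos + 2 <= end and dgram[pos] != 0:        # item type 0 ends the chunk
                ilen = dgram[pos + 1]
                if dgram[pos] == 1 and pos + 2 + ilen <= end:  # item type 1 = CNAME
                    found[ssrc] = dgram[pos + 2:pos + 2 + ilen].decode("utf-8", "replace")
                pos += 2 + ilen
            pos = off + ((pos - off + 4) & ~3)               # skip terminator + padding
        off = end
    return found

def rtp_payload(dgram, want_ssrc):
    """Return (seq, payload_type, media) for an RTP v2 packet from want_ssrc, else None."""
    if len(dgram) < 12:
        return None
    b0, b1, seq, _ts, ssrc = struct.unpack_from("!BBHII", dgram, 0)
    if b0 >> 6 != 2 or 200 <= b1 <= 204 or ssrc != want_ssrc:
        return None                                  # wrong version, RTCP, or other stream
    off = 12 + 4 * (b0 & 0x0F)                       # fixed header + CSRC list
    if b0 & 0x10:                                    # skip header extension (4 bytes + N words)
        off += 4 + 4 * int.from_bytes(dgram[off + 2:off + 4], "big")
    end = len(dgram) - (dgram[-1] if b0 & 0x20 else 0)   # strip RTP padding
    return (seq, b1 & 0x7F, dgram[off:end]) if off <= end else None

def capture_stream(datagrams, cname):
    """Find the SSRC that RTCP ties to cname, then join its RTP payloads in sequence order."""
    ssrc = next((s for d in datagrams for s, c in sdes_cnames(d).items() if c == cname), None)
    pkts = sorted(filter(None, (rtp_payload(d, ssrc) for d in datagrams)))
    return ssrc, b"".join(p[2] for p in pkts)        # sort ignores 16-bit seq wraparound

# Constructed sample datagrams (not captured traffic); SSRCs and CNAME are made up.
def make_rtp(ssrc, seq, data):
    return struct.pack("!BBHII", 0x80, 0, seq, 160 * seq, ssrc) + data
SAMPLE = [make_rtp(0x1234ABCD, 2, b"BB"), make_rtp(0x0BADF00D, 1, b"zz"), b"\x12\x34\x01\x00",
          struct.pack("!BBHIBBHI", 0x80, 201, 1, 0x1234ABCD, 0x81, 202, 6, 0x1234ABCD)
          + b"\x01\x0fphone1@10.0.0.5\x00\x00\x00", make_rtp(0x1234ABCD, 1, b"AA")]
```

The joined bytes are codec frames (payload type 0 is G.711 µ-law), so they still need decoding or a matching WAV header before they play.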