Listening to RTP voice conversations using Mitel 3300 ICP CX and Wireshark

Hi All,
We have a problem at a customer site and will be going there to capture RTP packets using Wireshark (and Port Mirroring on a HP Procurve 2650) on their Mitel 3300 CX.

How do I go about by analying the packets and listening to the RTP conversation?

In a test environment i've managed to get "UDP packets" and then using "Decode as..." to convert the output to RTP (which indicates G.711 PCMA codec etc.).

Now after that, if I goto "Statistics -> VOIP Calls" it shows nothing (is this only used for SIP?)

If I goto "Statistics -> RTP -> Show all Streams" it shows the conversations (both ways from phone to ICP and ICP to other phone) but if I select save payload, save as .au and "both directions", the length of the audio is correct but the audio itself is blank.

Is this due to encryption on the Mitel box? I get none of that "Bogus IP header" stuff.

Any and all help is appreciated
IntegraICT-DaveCarterAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

IntegraICT-DaveCarterAuthor Commented:
Further to this, I have TLSv1 protocol packets going to and from the Mitel 3300 (Which I believe is wrapped in SSL). So do I need to disable Voice encryption on the Mitel 3300?
0
jdechiaroCommented:
You won't be able to listen to the audio if it is encrypted as that would defeat the purpose. Are you using SRTP?
0
jdechiaroCommented:
Also it sounds like you are not capturing the whole call either, you should not have to convert the UDP to RTP with wireshark if you start the trace before the call begins.
0
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

IntegraICT-DaveCarterAuthor Commented:
Very strange. I'm not sure what protocol we're using, can you point me in the direction of where to find out? As for cpaturing the whole call, it should be, i'm mirroring the port on a 3com 4500G, and it's capturing several different RTP streams (classed as UDP until I 'decode as') thats start and finish
0
IntegraICT-DaveCarterAuthor Commented:
Also, we disabled encryption, and restarted the Mitel 3300 (this is using 8.0 UR2 by the way) - And we get the same output
0
jdechiaroCommented:
THe Mitel should be running SIP. Also you won't be able to listen to the call if you are running g729, only g711 is supported.
0
IntegraICT-DaveCarterAuthor Commented:
It's not running SIP I think, after I decode the UDP it states that it's G 711 so I believe it's running in the normal "Minet" mode
0
jdechiaroCommented:
i just tested,  no need to decode. Go to RTP / show all streams. Select RTP stream. Then choose Find Reverse, then analyze, save payload. Save as .AU in both directions, that should work.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
IntegraICT-DaveCarterAuthor Commented:
Brilliant, you're right. After disabling encryption you can save the payload and can hear conversations. Before it was like static. Thanks very much :)
0
crossfireitCommented:
how did you disable encryption on the Mitel?

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
IP Telephony

From novice to tech pro — start learning today.