Listening to RTP voice conversations using Mitel 3300 ICP CX and Wireshark
Hi All,
We have a problem at a customer site and will be going there to capture RTP packets using Wireshark (and Port Mirroring on a HP Procurve 2650) on their Mitel 3300 CX.
How do I go about by analying the packets and listening to the RTP conversation?
In a test environment i've managed to get "UDP packets" and then using "Decode as..." to convert the output to RTP (which indicates G.711 PCMA codec etc.).
Now after that, if I goto "Statistics -> VOIP Calls" it shows nothing (is this only used for SIP?)
If I goto "Statistics -> RTP -> Show all Streams" it shows the conversations (both ways from phone to ICP and ICP to other phone) but if I select save payload, save as .au and "both directions", the length of the audio is correct but the audio itself is blank.
Is this due to encryption on the Mitel box? I get none of that "Bogus IP header" stuff.
Any and all help is appreciated
We have a problem at a customer site and will be going there to capture RTP packets using Wireshark (and Port Mirroring on a HP Procurve 2650) on their Mitel 3300 CX.
How do I go about by analying the packets and listening to the RTP conversation?
In a test environment i've managed to get "UDP packets" and then using "Decode as..." to convert the output to RTP (which indicates G.711 PCMA codec etc.).
Now after that, if I goto "Statistics -> VOIP Calls" it shows nothing (is this only used for SIP?)
If I goto "Statistics -> RTP -> Show all Streams" it shows the conversations (both ways from phone to ICP and ICP to other phone) but if I select save payload, save as .au and "both directions", the length of the audio is correct but the audio itself is blank.
Is this due to encryption on the Mitel box? I get none of that "Bogus IP header" stuff.
Any and all help is appreciated
You won't be able to listen to the audio if it is encrypted as that would defeat the purpose. Are you using SRTP?
Also it sounds like you are not capturing the whole call either, you should not have to convert the UDP to RTP with wireshark if you start the trace before the call begins.
Very strange. I'm not sure what protocol we're using, can you point me in the direction of where to find out? As for cpaturing the whole call, it should be, i'm mirroring the port on a 3com 4500G, and it's capturing several different RTP streams (classed as UDP until I 'decode as') thats start and finish
Also, we disabled encryption, and restarted the Mitel 3300 (this is using 8.0 UR2 by the way) - And we get the same output
THe Mitel should be running SIP. Also you won't be able to listen to the call if you are running g729, only g711 is supported.
It's not running SIP I think, after I decode the UDP it states that it's G 711 so I believe it's running in the normal "Minet" mode
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Brilliant, you're right. After disabling encryption you can save the payload and can hear conversations. Before it was like static. Thanks very much :)
how did you disable encryption on the Mitel?
ASKER