Decode and Listen to G723 / G729 RTP Streams using Wireshark

Dear Experts,

I'm involved in a small VoIP operation and every now and then I find myself taking captures of VoIP (SIP / H323) communication to analyze and solve problems. However time to time I bump into voice quality issues and I would like to capture and listed to the RTP streams to listen to whats wrong.

If the call is on G711 codec, there is no problem as Wireshark allows to Decode and Play the RTP steam or save it to play later. However, most of my calls are on G723 or G729, or sometimes even on iLBC.

I would like to find a way to enable Wireshark to decode and play G723 / G729 codecs. I understand these are licensed codecs and there might not be a straightforward way, however even if there is a plugin / decoder which I can purchase and pay the codec royalty fee, I wouldn't mind that either.

Please let me know if there is any product / solution out there which can do what I'm looking for.

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Kamran ArshadIT AssociateCommented:

Try out WinEyeQ:

For general voice quality you may check:

Adventnet VQ Manager:



The G. 729 codec is licensed through Spiro, if you really want access to the codec it will cost you see for details. It isn't cheap.

hope this helps,

You want to use cain to do this.
Here is a video,

The sniffer extracts RTP session parameters like RTP ports, caller/responder IP addresses and dynamic codec types from the SIP session preceding the data flow on RTP. Then it captures and decodes RTP audio streams encoded with the following codecs: G711 uLaw, G771 aLaw, ADPCM, DVI4, LPC, GSM610, Microsoft GSM, L16, G729, Speex, iLBC, G722.1, G723.1, G726-16, G726-24, G726-32, G726-40, LPC-10, SIREN. Once decoded the audio is saved into mono or stereo WAV files on your hard disk.

It is also possible to arp poison the phone and listen that way.

Standard disclaimers apply, use at your risk etc.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SolarWinds® IP Control Bundle (IPCB)

Combines SolarWinds IP Address Manager and User Device Tracker to help detect IP conflicts, quickly identify affected systems, and help your team take near instantaneous action. Help improve visibility and enhance reliability with SolarWinds IP Control Bundle.

shaf81Author Commented:
Hello All,

I've read about the WinEyeQ and all other commercial grade solutions out there. But it comes with a price tag an no good for a hobby user. Out of all the above, so far Cain & Able looks pretty interesting and exciting.

However Cain is doing ARP poisoning, and capturing the packets. I have sip servers running on remote servers and on linux. I cannot run cain on those networks coz I only have remote access to the network. I am able to use Tethereal/TCP dump. That's the very reason why I was looking for a way to decode g279 that was captured on Tethereal/Wireshark.

If no solution is found, then I guess I will have to settle with heydorft's answer.

Sridhar GanesanTechnical Specialist - Unified CommunicationsCommented:
I too had faced a few similar issue but was related to H323. I came across these links which might be useful in your case.

do check and let me know if it helped.


I'm also looking for a way to decode g729r8 audio streams. Does anyone have the details on how it can be done. Apparently the Microsoft Cap Ripper utility can do it, however the packet capture needs to be collected using NetMon or Sniffer Pro. Cap Ripper is embedded in Microsoft Windows 2003 NetMon. Please see the following link for details:

Cap Ripper:

Has anyone tried the above method?
Can anyone provide the Cap Ripper files?

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
IP Telephony

From novice to tech pro — start learning today.