iKono Telecommunications


On many occasions we have encountered situations in which it is necessary to capture a call at the network level in order to debug a problem. Although there are many tools for capturing traffic, such as tcpdump and Wireshark/tshark, we almost always resort to sngrep, since it is very easy to use and has a large number of features that let us quickly reach the call we want to inspect. Therefore, we've decided to write a short post on how to install and use sngrep and Wireshark to extract audio from a call.

What is sngrep?

sngrep is a tool that makes learning or debugging SIP easier. It is developed and maintained by the Spanish company irontec, and in our opinion it is essential when it comes to debugging SIP issues. It is distributed under the GPLv3 license. Its notable features include its simplicity, the ability to run in the console thanks to its ncurses-based interface, and the ability to filter by a large number of fields, in addition to the fact that it can capture both SIP signaling and RTP audio.

Installation

The sngrep documentation is quite extensive, and we are not going to replicate it in this post. To obtain sngrep, we can either compile it from source or install the binary packages available for several distributions (Debian/Ubuntu, CentOS/Fedora/RHEL, Alpine Linux, Gentoo, Arch, etc.). We usually install from the binaries available in irontec's repositories. For example, for CentOS 5/6/7 we create the file /etc/yum.repos.d/irontec.repo with the following content:

[irontec]
name=Irontec RPMs repository
baseurl=http://packages.irontec.com/centos/$releasever/$basearch/

After that we must install the repository key:

rpm --import http://packages.irontec.com/public.key

And finally install the package:

yum install sngrep

Capturing calls

To run sngrep so that we can capture only calls and also include the RTP in them, we must execute it with the following parameters:

sngrep -c -r

With the above, sngrep starts in its main window, where we can view the different dialogs.

Again, we recommend consulting the documentation, since we can perform different actions such as filtering dialogs and recording certain calls.

By entering a particular dialog (pressing Enter on its line), we can access its different messages.

This window is particularly useful because it allows you to navigate through the different messages and observe each one in detail, being able to view the SIP headers as well as the values found in the messages.

Likewise, by pressing F3 in this window we can see the RTP information.

When returning to the main window (by pressing the ESC key), we can open the capture recording dialog by pressing the s key. There we can indicate which dialogs will be recorded and whether we want to include the RTP in the capture (note: to record the RTP, you need to run sngrep with the -r option).

Using Wireshark to extract audio

After opening the file in Wireshark, we view the "RTP Streams" in the "Telephony" menu.

We select one of the streams we want to analyze and ask Wireshark to find the corresponding stream in the other direction using the "Find Reverse" button.

Then we enter the RTP stream analysis dialog using the "Analyze" button.

In this menu, we can obtain detailed information about the RTP stream, replay the call, find problems with the RTP traffic, and download the payload, which is the call recording. It is important to save the call in .au format and to include both channels in the recording.

Finally, we get an audio file with the desired call.

The interesting thing about this method of accessing call audio is that the RTP stream is captured directly on the network interface, so in the event of audio quality issues there is a better chance of diagnosing the cause. Likewise, it is completely independent of the telephony core being used, such as Asterisk, FreeSWITCH, Kamailio, etc., since when working this way we are dealing only with SIP and RTP.
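To show what saving an RTP payload as .au involves for a G.711 call, the following added example (not code from this post, sngrep or Wireshark) parses RTP headers, reorders one stream by sequence number and wraps the payload in a .au header. It is narrowed to a single direction (mono); the function names, the sample packets and the call.au file name are constructed for illustration.

```python
import struct

# RTP static payload type -> Sun .au encoding id (G.711 only)
AU_ENCODING = {0: 1, 8: 27}   # PCMU -> 8-bit mu-law, PCMA -> 8-bit A-law

def parse_rtp(packet):
    """Return (payload_type, seq, ssrc, payload) for one RTP packet (RFC 3550)."""
    if len(packet) < 12:
        raise ValueError("shorter than the fixed RTP header")
    b0, b1, seq, _ts, ssrc = struct.unpack("!BBHII", packet[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    start = 12 + 4 * (b0 & 0x0F)                 # skip the CSRC list
    if b0 & 0x10:                                # header extension present
        if len(packet) < start + 4:
            raise ValueError("truncated header extension")
        start += 4 + 4 * struct.unpack("!H", packet[start + 2:start + 4])[0]
    end = len(packet) - (packet[-1] if b0 & 0x20 else 0)   # strip padding
    if start > end:
        raise ValueError("header fields exceed packet length")
    return b1 & 0x7F, seq, ssrc, packet[start:end]

def stream_to_au(packets, sample_rate=8000):
    """Build a mono .au file from the G.711 packets of one RTP stream."""
    parsed = [parse_rtp(p) for p in packets]
    pt, _, ssrc, _ = parsed[0]
    if pt not in AU_ENCODING:
        raise ValueError("payload type %d is not G.711" % pt)
    # Keep the first packet's stream, drop duplicates, restore send order.
    # Simplification: 16-bit sequence-number wrap-around is not handled.
    by_seq = {seq: data for p, seq, s, data in parsed if (p, s) == (pt, ssrc)}
    audio = b"".join(by_seq[seq] for seq in sorted(by_seq))
    # .au header: magic, data offset, data size, encoding, sample rate, channels
    return struct.pack("!4s5I", b".snd", 24, len(audio),
                       AU_ENCODING[pt], sample_rate, 1) + audio

def make_rtp(seq, payload, pt=0, ssrc=0x1234):
    """Constructed sample packet: 12-byte header, no CSRC/extension/padding."""
    return struct.pack("!BBHII", 0x80, pt, seq, seq * 160, ssrc) + payload

# Constructed capture: out of order, one duplicate, 20 ms of PCMU per packet
SAMPLE = [make_rtp(2, b"\xff" * 160), make_rtp(1, b"\x7f" * 160),
          make_rtp(2, b"\xff" * 160)]

if __name__ == "__main__":
    with open("call.au", "wb") as fh:
        fh.write(stream_to_au(SAMPLE))
```

Because the G.711 bytes are copied unchanged, the output carries the audio as it crossed the network interface; lost packets simply shorten the file.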

By: Jose Franco
