{"id":574,"date":"2008-10-24T23:00:14","date_gmt":"2008-10-25T03:00:14","guid":{"rendered":"http:\/\/nuxx.net\/blog\/?p=574"},"modified":"2008-10-24T23:03:40","modified_gmt":"2008-10-25T03:03:40","slug":"tapping-voip-aka-decoding-itu-t-g711-%c2%b5-law","status":"publish","type":"post","link":"https:\/\/nuxx.net\/blog\/2008\/10\/24\/tapping-voip-aka-decoding-itu-t-g711-%c2%b5-law\/","title":{"rendered":"Tapping VoIP (aka Decoding ITU-T G.711 \u00b5-law)"},"content":{"rendered":"<p><center><\/p>\n<table cellpadding=1>\n<tr>\n<td bgcolor=\"black\"><a href=\"https:\/\/nuxx.net\/gallery\/v\/computers\/screenshots\/voip_capture_sample.png.html?g2_imageViewsIndex=2\"><img decoding=\"async\" src=\"https:\/\/nuxx.net\/gallery\/d\/77519-2\/voip_capture_sample.png\" height=480 width=640 border=0 alt=\"Screenshot of Wireshark decoding a RTP stream using ITU-T G .711 \u00b5-law compression.\"><\/a><\/td>\n<\/tr>\n<\/table>\n<p><\/center><\/p>\n<p>While <a href=\"https:\/\/nuxx.net\/blog\/2008\/10\/24\/sip-via-asterisk-on-nokia-e51\/\">setting up my Nokia E51 w\/ VOIP<\/a> I was informed that the communication between the handset and the server uses the <a href=\"http:\/\/en.wikipedia.org\/wiki\/ITU-T\">ITU-T<\/a> <a href=\"http:\/\/en.wikipedia.org\/wiki\/G.711\">G.711<\/a> <a href=\"http:\/\/en.wikipedia.org\/wiki\/%CE%9C-law_algorithm\">\u00b5-law<\/a> codec for the audio without any additional encryption, meaning that it is relatively easy to capture and listen in on. I&#8217;d never done a VOIP capture and decode, so I set set up a capture on the firewall (<tt>tcpdump -i gem0 -s 2000 -w file.cap host x.x.x.x<\/tt>) and grabbed a test phone call made to Danielle as she sat in the living room with some friends.<\/p>\n<p>After opening the capture in <a href=\"http:\/\/www.wireshark.org\/\">Wireshark<\/a> I used the basic built-in VOIP analysis tool to get the windows shown above. The main window is the capture and decode itself, another shows the one detected <a href=\"http:\/\/en.wikipedia.org\/wiki\/VoIP\">VoIP<\/a> call and its details, and the third is a basic playback window replying the voice of the phone call. (Click on the image above or <a href=\"https:\/\/nuxx.net\/gallery\/v\/computers\/screenshots\/voip_capture_sample.png.html?g2_imageViewsIndex=2\">here for a full resolution copy of the screenshot.<\/a>)<\/p>\n<p>Using the RTP stream analysis stuff one is able to save out the audio as an <a href=\"http:\/\/en.wikipedia.org\/wiki\/Au_file_format\">.au file<\/a>. I was running into some problems with this as one half of the conversation was padded by a few minutes of silence during export (a Wireshark bug, it seems), but the audio is still very much available. Both halves of the conversation were then brought it into <a href=\"http:\/\/audacity.sourceforge.net\/\">Audacity<\/a>, aligned, the level of the inbound (remote, Danielle) side was brought up a bit, and the audio was exported it as an MP3: <A href=\"https:\/\/nuxx.net\/audio\/voip_capture_sample.mp3\">voip_capture_sample.mp3<\/a>.<\/p>\n<p>This capture and decoding was easy for me to do because of the ready access to my own network and lack of encryption of the session. Getting another person&#8217;s calls is generally a bit more complicated. That said, imagine how easy it must be for a large government agency with a tremendous budget, amazing computing resources, and <a href=\"http:\/\/www.wired.com\/science\/discoveries\/news\/2006\/04\/70619\">access to the backbones of the country&#8217;s telecommunications infrastructure<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>While setting up my Nokia E51 w\/ VOIP I was informed that the communication between the handset and the server uses the ITU-T G.711 \u00b5-law&#8230;<\/p>\n<div class=\"more-link-wrapper\"><a class=\"more-link\" href=\"https:\/\/nuxx.net\/blog\/2008\/10\/24\/tapping-voip-aka-decoding-itu-t-g711-%c2%b5-law\/\">Continue reading<span class=\"screen-reader-text\">Tapping VoIP (aka Decoding ITU-T G.711 \u00b5-law)<\/span><\/a><\/div>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[],"class_list":["post-574","post","type-post","status-publish","format-standard","hentry","category-computers","entry"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/nuxx.net\/blog\/wp-json\/wp\/v2\/posts\/574","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nuxx.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nuxx.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nuxx.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nuxx.net\/blog\/wp-json\/wp\/v2\/comments?post=574"}],"version-history":[{"count":8,"href":"https:\/\/nuxx.net\/blog\/wp-json\/wp\/v2\/posts\/574\/revisions"}],"predecessor-version":[{"id":583,"href":"https:\/\/nuxx.net\/blog\/wp-json\/wp\/v2\/posts\/574\/revisions\/583"}],"wp:attachment":[{"href":"https:\/\/nuxx.net\/blog\/wp-json\/wp\/v2\/media?parent=574"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nuxx.net\/blog\/wp-json\/wp\/v2\/categories?post=574"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nuxx.net\/blog\/wp-json\/wp\/v2\/tags?post=574"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}