The VoIP (Voice over IP) sniffer captures conversations from the network and records them to your hard disk. If seen by the sniffer, voice data is captured in each direction (caller<->responder) and then saved accordingly as mono or stereo WAV files. Although not required, when used with APR this feature makes it possible to silently intercept VoIP communications between victim hosts.



Many VoIP solutions, both hardware and software, are available today; some applications are:

- Microsoft Messenger
- X-Lite softphone
- Pulver communicator
- KPhone
- Gnomemeeting
- eStara softphone
- Advanced Dialer
- Pingtel SIP Softphone
- OpenH323
- Asterisk
- PhoneGaim
- SJphone
- ...


VoIP applications make use of signaling protocols, like H323 and SIP, for creating, modifying and terminating sessions with the conversation's participants.

Voice data streams are usually transmitted on the Internet by means of RTP (Real-Time Transport Protocol). RTP provides end-to-end network transport functions suitable for applications transmitting real-time data, such as audio, video or simulation data, over multicast or unicast network services. Speech data is sent in compressed form to preserve bandwidth; codecs (compressor/decompressor) are used to convert the data streams at the transmitter and receiver sides.

RFC 3551 describes how audio and video data may be carried within RTP, and it also defines a set of standard encodings, and their names, for use within RTP.

How it works

The sniffer extracts RTP session parameters, such as RTP ports, caller/responder IP addresses and dynamic codec types, from the SIP or MGCP session that precedes the RTP data flow. It then captures and decodes RTP audio streams encoded with the following codecs: G711 uLaw, G711 aLaw, ADPCM, DVI4, LPC, GSM610, Microsoft GSM, L16, G729, Speex, Speex-16Khz, Speex-32Khz, iLBC, G722, G722.1, G723.1, G726-16, G726-24, G726-32, G726-40, LPC-10, SIREN, LRWB-16khz, AMR-NB, AMR-WB. Once decoded, the audio is saved into mono or stereo WAV files on your hard disk.
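The session parameters named above travel in the SDP body of the SIP message. The following is an added example, not Cain's code, that reads them from a constructed INVITE and reports whether the audio is offered as plain RTP. Assumptions: the function names and the sample message are hypothetical, and the check against the SRTP profile (`RTP/SAVP`, `a=crypto`) is an addition the page does not discuss.

```python
import re

# Static payload types from RFC 3551 (subset); these need no a=rtpmap line.
STATIC_PT = {0: "PCMU/8000", 3: "GSM/8000", 4: "G723/8000",
             8: "PCMA/8000", 9: "G722/8000", 18: "G729/8000"}

# Constructed sample: SIP INVITE with an SDP offer (documentation addresses).
SAMPLE_INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 192.0.2.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0 8 97\r\n"
    "a=rtpmap:97 iLBC/8000\r\n"
)

def parse_sdp_audio(sip_message):
    """Return the audio parameters visible in a SIP message's SDP body."""
    _, _, body = sip_message.partition("\r\n\r\n")
    info = {"ip": None, "port": None, "proto": None,
            "codecs": {}, "crypto": False}
    in_audio = False
    for line in body.splitlines():
        # A media-level c= line overrides the session-level one.
        if line.startswith("c=") and (in_audio or info["ip"] is None):
            info["ip"] = line.split()[-1]
        elif line.startswith("m="):
            in_audio = line.startswith("m=audio ")
            if in_audio:
                _, port, proto, *pts = line[2:].split()
                info["port"] = int(port.split("/")[0])
                info["proto"] = proto
                info["codecs"] = {int(p): STATIC_PT.get(int(p), "unmapped")
                                  for p in pts}
        elif in_audio and (m := re.match(r"a=rtpmap:(\d+) (\S+)", line)):
            # Dynamic payload types (96-127) are named only by a=rtpmap.
            info["codecs"][int(m.group(1))] = m.group(2)
        elif in_audio and line.startswith("a=crypto:"):
            info["crypto"] = True
    return info

def media_is_cleartext(info):
    """True when the offer is plain RTP with no SRTP keying attribute."""
    return info["proto"] in ("RTP/AVP", "RTP/AVPF") and not info["crypto"]
```

Run over signaling captured on your own network, a `True` result marks calls whose audio is exposed to any on-path capture of the kind this page describes.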



The sniffer can decode and save VoIP conversations for supported codecs only.


Enable the SIP/RTP sniffer filter in the sniffer's configuration dialog.