Record VoIP Calls
G.711 uLaw is the most common codec used in enterprise VoIP, but it's far from secure
The G.711 codec is the de facto standard for voice encoding on VoIP networks, because the earliest VoIP gear and software didn't have enough processor power for real-time transcoding from one codec to another. This means that if a call were to originate on the PSTN and terminate on a VoIP device, the entire call would have to be in the same codec. The codec that's always been used on the (North American) PSTN is G.711 uLaw. Unfortunately, even as Cisco CallManager, arguably the world's first enterprise VoIP platform, became popular, it was painfully clear that running G.711 uLaw across the Internet was a very
thing to do.
That's because the RTP packaging convention used by most VoIP systems doesn't encrypt the media stream of a call, making it the aural equivalent of clear text, ripe for outside snooping. Using tcpdump and a copy of vomit (Voice over Misconfigured Internet Telephones), you can actually capture phone calls midstream and convert them into WAV files. How's that for security? (I argue that it's actually harder to secretly record calls with VoIP than it is on the PSTN, but let me digress here….)
To clandestinely record a G.711 uLaw phone call, you'll need to be able to run tcpdump, the common packet capture utility, or its Windows equivalent. This means you'll need to be a privileged user on the machine you're going to record from (for Windows, this means Administrator; for Unix, it means root).
You'll also need the ability to view network traffic to and from the host(s) participating in the call. This means running the capture on one of the hosts directly, programming your switch to let you monitor the port where one of the hosts is connected, or (gasp!) connecting both hosts to a hub, where you can capture packets to your heart's content. To put this in plain English, unless you're using a hub or a specially configured switch, you'll be able to record calls only from a device that's actually on the call path, i.e., the caller's host, the receiver's host, or a VoIP server in the middle of the conversation.
6.15.1. The Hack
It's possible to do this hack on Windows (you'll need the same library you used when you installed Ethereal on your Windows PC; you did install Ethereal already, right?). However, I'll assume you're using Unix, since tcpdump is a standard Unix utility and because it's easier to install vomit on Linux or BSD than it is on Windows.
6.15.1.1. Compile and install libdnet and libevent.
To download, compile, and install the libdnet and libevent libraries, required by vomit, log in as root and use these commands:
# cd /usr/src
# tar xvfz libdnet-1.10.tar.gz
# cd libdnet-1.10
# ./configure
# make install
# cd ..
# tar vzxf libevent-1.1a.tar.gz
# cd libevent-1.1a
# ./configure
# make install
Obviously, this is just a sequence of commands to fetch the libraries, unpack the archives, and compile the source code within.
6.15.1.2. Compile and install vomit.
Next, grab the vomit tarball and compile it on the same machine, again as root:
# cd /usr/src
# tar zvfx vomit-0.2c.tar.gz
# cd vomit-0.2c
# ./configure
# make install
6.15.1.3. tcpdump some packets.
When I did this hack, I did it on my Asterisk server running on Linux. This simplified the capture process, since all I had to do was set up an extension on the Asterisk server that answered the call immediately and produced some audio. (For a refresher on doing this, flip back to "Attach a SIP Phone to Asterisk".) Once the extension was in place, I started tcpdump:
# tcpdump -w test.file
When you use this command, it will create a dump file in the current directory that contains every IP packet sent or received by the default interface. This file is going to get big pretty quickly, so run this command only for as long as is necessary to capture the call you're placing to the server. Then, at the conclusion of the call, hit Ctrl-C to stop tcpdump.
Now, here's the truly fun part. The point of vomit is to pick the G.711 RTP packets out of the dump file created by tcpdump (test.file, as shown earlier) and string them together into a WAV file. Try it:
# vomit -r test.file > test.wav
Run that WAV file through SoX if you need it in another format, and off you go. Just don't record any calls without full knowledge of the participants, or you could find yourself in legal trouble.
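Why an unencrypted RTP stream is "the aural equivalent of clear text", and why picking G.711 packets out of a dump needs no key: the sketch below is an added example (not code from the book or from vomit) that parses the fixed RTP header and expands uLaw bytes into linear PCM. The function names are hypothetical and the packets are constructed inline rather than captured.

```python
import struct

PCMU = 0  # RTP payload type 0 is G.711 uLaw (RFC 3551)

def parse_rtp(datagram):
    """Parse one UDP payload as RTP v2; return (pt, seq, ssrc, payload) or None."""
    if len(datagram) < 12 or datagram[0] >> 6 != 2:
        return None
    b0, b1, seq, _ts, ssrc = struct.unpack("!BBHII", datagram[:12])
    offset = 12 + 4 * (b0 & 0x0F)              # skip the CSRC list
    if b0 & 0x10:                              # header extension present
        if len(datagram) < offset + 4:
            return None
        offset += 4 + 4 * struct.unpack("!H", datagram[offset + 2:offset + 4])[0]
    if offset > len(datagram):
        return None
    payload = datagram[offset:]
    if b0 & 0x20 and payload:                  # padding: last byte is the pad count
        if payload[-1] > len(payload):
            return None
        payload = payload[:len(payload) - payload[-1]]
    return b1 & 0x7F, seq, ssrc, payload

def ulaw_to_pcm16(byte):
    """Expand one G.711 uLaw byte to a signed linear sample (no key involved)."""
    u = ~byte & 0xFF                           # uLaw bytes are stored inverted
    magnitude = ((((u & 0x0F) << 3) + 0x84) << ((u >> 4) & 0x07)) - 0x84
    return -magnitude if u & 0x80 else magnitude

def cleartext_pcmu_streams(datagrams):
    """Return {ssrc: [pcm samples]} per PCMU stream (sequence wraparound ignored)."""
    streams = {}
    for d in datagrams:
        parsed = parse_rtp(d)
        if parsed and parsed[0] == PCMU:
            _pt, seq, ssrc, payload = parsed
            streams.setdefault(ssrc, []).append((seq, payload))
    return {ssrc: [ulaw_to_pcm16(b) for _seq, p in sorted(pkts) for b in p]
            for ssrc, pkts in streams.items()}

def rtp(seq, pt, payload, ssrc=0x1234ABCD):
    """Build a constructed RTP packet for the demo (not captured traffic)."""
    return struct.pack("!BBHII", 0x80, pt, seq, 160 * seq, ssrc) + payload

SAMPLE = [
    rtp(2, PCMU, bytes([0x00, 0x80])),         # arrives out of order
    rtp(1, PCMU, bytes([0xFF, 0x7F])),
    rtp(3, 8, bytes([0xD5])),                  # PT 8 (G.711 aLaw), skipped here
    b"\x00\x01not-rtp",                        # too short, version bits != 2
]

if __name__ == "__main__":
    print(cleartext_pcmu_streams(SAMPLE))
```

When the same stream is protected with SRTP, the header still parses but the payload is ciphertext, so this expansion yields only noise.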