Many organizations and even regular end users have implemented or used VoIP (Voice over IP) solutions mainly to reduce costs in voice and multimedia communication sessions that would have otherwise required the use of paid telephone lines. To use VoIP services we must use SIP (Session Initiation Protocol).

For this exercise, we will be using the SIP example 1 (freeswitch4560_tosipphone_ok.pcap) packet capture file to analyze VoIP services, if any.

As with our previous HTTP web analysis, a new case and session must be created with the relevant details for this new case:

• Case name: SIP_Analysis
• Session name: Sip_File

Once the case and session has been created, browse to the .pcap file to be uploaded (freeswitch4560_tosipphone_ok.pcap) and click Upload to begin the decoding process:

After the file has been decoded, we can see that there are 2 results listed in the Calls category in the lower right corner:

To begin exploring and analyzing the details of the VoIP calls, click the VoIP option on the menu to the left:

Clicking the Sip sub-menu, we are presented with details of the calls. We can see that calls were made from "Freeswitch" <sip:[email protected]> to Freeswitch <sip:[email protected]>:

Click on the Duration details (0:0:19) to analyze and explore further:

Let us first click on cmd.txt to view the information file and log:

In the previous screenshot, we can see details of the numbers in conversation, date, time, and duration. There is also an option to play the conversations on either end: