Find SRTP in packet capture

So you have just captured a SIP call with SRTP media and are wondering why Wireshark is showing you RTP packets, when these should be encrypted and hidden. Note that the header for RTP and SRTP is the same. The only difference is that the payload is encrypted in SRTP. So you will still see the RTP packets in an SRTP call, but you can't play the media because the payload is encrypted.

If Wireshark is not already showing you RTP packets, you can right-click a packet, select Decode As, and choose RTP. (The UDP packets are then shown as RTP.)

How do you know that the RTP payload is encrypted? Well, there is no straightforward way to know. The way to find out is to make a call, send some DTMF digits, and look at what is sent in the packets. If you see the dialed digits in the capture, then it's not SRTP. If you see no digits or wrong digits in the capture, then it's SRTP.
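The DTMF check above can be scripted. The following is an added example, not part of the original post: it reads the RTP header (identical for RTP and SRTP), tries to decode each event packet as a clear RFC 4733 telephone-event, and compares the result with the digits you dialed. It assumes DTMF is sent as telephone-events on payload type 101 (the real value is negotiated in SDP) and that SRTP appends a 10-byte authentication tag; the sample packets are constructed, and the "protected" ones use stand-in bytes rather than real encryption.

```python
import hashlib
import struct

DTMF = "0123456789*#ABCD"  # RFC 4733 event codes 0-15

def rtp_payload(pkt):
    """Return (payload_type, timestamp, payload); the header layout is the same for RTP and SRTP."""
    if len(pkt) < 12 or pkt[0] >> 6 != 2:
        raise ValueError("not an RTP version 2 packet")
    offset = 12 + 4 * (pkt[0] & 0x0F)            # fixed header + CSRC list
    if pkt[0] & 0x10:                            # header extension present
        offset += 4 + 4 * struct.unpack("!H", pkt[offset + 2:offset + 4])[0]
    return pkt[1] & 0x7F, struct.unpack("!I", pkt[4:8])[0], pkt[offset:]

def digits_in_capture(packets, event_pt=101):
    """Decode DTMF digits as if the payload were clear RFC 4733 telephone-events."""
    digits, last_ts = [], None
    for pkt in packets:
        pt, ts, payload = rtp_payload(pkt)
        if pt != event_pt or len(payload) != 4:
            continue                             # not an event, or not a 4-byte event block
        event, flags, _duration = struct.unpack("!BBH", payload)
        if event > 15 or flags & 0x40:           # not a digit, or reserved bit set
            continue
        if ts != last_ts:                        # one event spans many packets, same timestamp
            digits.append(DTMF[event])
            last_ts = ts
    return "".join(digits)

def looks_like_srtp(packets, dialed):
    """The test from the text: dialed digits missing or wrong in the capture."""
    return digits_in_capture(packets) != dialed

def build(event, ts, seq, protect=False):
    """Constructed sample packet; protect=True fakes SRTP with stand-in bytes."""
    header = struct.pack("!BBHII", 0x80, 101, seq, ts, 0x1234ABCD)
    payload = struct.pack("!BBH", event, 0x0A, 160 * seq)
    if protect:                                  # not real encryption: 4 opaque bytes + 10-byte tag
        payload = hashlib.sha256(header + payload).digest()[:14]
    return header + payload

clear = [build(4, 1000, 1), build(4, 1000, 2), build(2, 9000, 3), build(2, 9000, 4)]
protected = [build(4, 1000, 1, True), build(4, 1000, 2, True), build(2, 9000, 3, True)]

if __name__ == "__main__":
    print(digits_in_capture(clear), looks_like_srtp(clear, "42"))
    print(repr(digits_in_capture(protected)), looks_like_srtp(protected, "42"))
```

With a real capture, feed the UDP payloads of the stream into `digits_in_capture` and pass the digits you actually pressed to `looks_like_srtp`.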


