I have decided to write this tutorial (only for test purpose) to show how it is simple decode a G.729 stream using SPAN port, Wireshark, VoiceAge G.729 decoder and Audacity software.
What is G.729?
G.729 is an audio data compression algorithm for voice that compresses digital voice in packets of 10 milliseconds duration. It is officially described as Coding of speech at 8 kbit/s using conjugate-structure algebraic-code-excited linear prediction.
Because of its low bandwidth requirements, G.729 is mostly used in Voice over Internet Protocol (VoIP) applications where bandwidth must be conserved. Standard G.729 operates at a bit rate of 8 kbit/s, but there are extensions, which provide rates of 6.4 kbit/s (Annex D, F, H, I, C+) and 11.8 kbit/s (Annex E, G, H, I, C+) for worse and better speech quality, respectively.
G.729 has been extended with various features, commonly designated as G.729a and G.729b.
How to decode?
To decode a G.729 stream, you need:
- One switch with a SPAN port, see the “How to analyze traffic with SPAN feature” tutorial, or use MiTM attack hihihi
- A call (in G.729 mode).
- One PC with Wireshark, VoiceAge G.729 decoder and Audacity software.
Remember: Wireshark will currently allow you to save the G.711 RTP payload information in .au file format. This is why you need VoiceAge Decoder and Audacity software.
After saved the “call” with Wireshark, you must export the G.729 flow; to do it, follow this procedure:
- In Wireshark, identify the G.729 streaming; if you don’t find the RTP packet select the UDP packet, then use menu “Analyze” -> “Decode As”, Select “RTP” and press OK
- Use menu “Statistics -> RTP -> Show All Streams”. Select the desired stream and press “Analyze”. To ‘analyze’ the voices in each direction, select the two streams
- In the next dialog screen, press “Save Payload…”. Save options are: Format = .raw, Channel = forward, Name=ciscozine-f.raw. If you have selected two streams in the second step, you can save the “Channel = reversed” with the file ciscozine-r.raw
The ciscozine-f/r.raw files contain the G.729 flow, but how can I listen it?
You need to convert the ciscozine-f/r.raw file in ‘pcm’ format, using the ‘VoiceAge G.729 decoder’:
va_g729_decoder.exe ciscozine-f.raw ciscozine-f.pcm va_g729_decoder.exe ciscozine-r.raw ciscozine-r.pcm
Then, open the Audacity program, use menu “File” -> “Import” -> “Raw data”, select the ciscozine-f.pcm file and use this settings:
- Encoding: Signed 16 bit PCM
- Byte order: Little-Indian
- Channels: 1 Channel (Mono)
- Sample rate: 8000 Hz
Repeat the same step with ciscozine-r.pcm file… and listen/save it ;)