Office Communications Server 2007 R2 automatically encrypts all peer-to-peer VoIP traffic within an organization using Transport Layer Security (TLS). This is the default behavior and does not need to be enabled by an administrator. The one exception is when a VoIP call leaves OCS and travels through a 3rd party gateway. These gateways do not have TLS enabled by default and allow the Mediation server to communicate over unencrypted RTP over TCP port 5060. Many gateways support TLS, and an administrator can take the extra step of adding an SSL certificate so that traffic between the Mediation server and the gateway is encrypted. So in an environment where the organization needs to record all inbound and outbound phone calls, packet capture software could be placed on the Mediation server to record and play back VoIP calls. A SPAN port could also be enabled on the network switch to mirror the traffic going to and from the Mediation server, with the same effect.
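One way to confirm whether the Mediation-server-to-gateway leg is exposed as described above is to inspect a SIP INVITE from that leg for its Via transport and SDP media profile. This is an added example, not code from the original post; the function name, hosts, phone numbers and the INVITE itself are constructed, and it assumes uncompacted header names and SRTP signalled in SDP (RTP/SAVP or a=crypto).

```python
import re

# Constructed sample (not from the page): an INVITE on the Mediation-server-to-gateway leg.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:+12025550100@gw.example.test;user=phone SIP/2.0",
    "Via: SIP/2.0/TCP med.example.test:5060;branch=z9hG4bK-constructed",
    "From: <sip:+12025550199@med.example.test;user=phone>;tag=1",
    "To: <sip:+12025550100@gw.example.test;user=phone>",
    "Call-ID: constructed-1@med.example.test",
    "CSeq: 1 INVITE",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=- 0 0 IN IP4 192.0.2.10",
    "s=-",
    "c=IN IP4 192.0.2.10",
    "t=0 0",
    "m=audio 49152 RTP/AVP 0 8",
    "a=rtpmap:0 PCMU/8000",
    "",
])

def audit_invite(raw):
    """Report the parties and any cleartext signaling or media in one SIP INVITE."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:           # skip the request line
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), value.strip())  # first Via wins

    def user(header):                              # user part of a sip:/sips: URI
        m = re.search(r"sips?:([^@;>]+)", headers.get(header, ""))
        return m.group(1) if m else None

    via = re.match(r"SIP/2\.0/(\w+)", headers.get("via", ""))
    transport = via.group(1).upper() if via else "UNKNOWN"
    findings = [] if transport == "TLS" else ["signaling not TLS (%s)" % transport]
    media = []
    for line in body.split("\r\n"):
        if line.startswith("m="):                  # m=<media> <port> <proto> <fmt>...
            kind, port, proto = line[2:].split()[:3]
            media.append({"kind": kind, "proto": proto, "crypto": False})
        elif line.startswith("a=crypto:") and media:
            media[-1]["crypto"] = True             # SDES key offered for this stream
    for m in media:                                # SAVP profile or a=crypto means SRTP is on offer
        if "SAVP" not in m["proto"] and not m["crypto"]:
            findings.append("%s media is %s with no a=crypto offer" % (m["kind"], m["proto"]))
    return {"from": user("from"), "to": user("to"), "transport": transport,
            "media": media, "findings": findings}
```

An empty findings list for every INVITE on the gateway leg means signaling is on TLS and media is offered with SRTP; any entry marks a leg whose audio a capture can replay.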

Wireshark is a powerful packet capture tool that can capture and play back the audio portion of a VoIP call.

1. Record the call

2. Click Telephony > VoIP Calls

3. Click the phone call, then click Player


4. Click Decode


5. Click the checkboxes next to each stream and then click Play.


You will hear the full audio conversation for that VoIP phone call. This also works for other VoIP technologies including Vonage.

Exporting the call to a file that can be played in Windows Media Player is performed by the following steps:

1. Telephony > RTP > Show All Streams


2. Select the stream and then click Analyze, then click Save payload.


3. Click the .AU file format (this can be played in Windows Media Player), and select both channels.

For extended captures, the command-line dumpcap tool that is packaged with the Wireshark installation is more efficient at long-term capture because it can break the capture up into chunks and does not require as much memory. This task manager screenshot shows dumpcap taking up just 1 MB of RAM.


The syntax below shows a capture broken up into 20 MB files. It captures on the 2nd interface (-i2) and contains a capture filter (-f) that isolates traffic to one particular host and excludes ARP and DNS (port 53) traffic. In the filter, <host-ip> is a placeholder for the address of that host.

dumpcap -i2 -f "host <host-ip> and not arp and not tcp port 53 and not udp port 53" -bfilesize:20240 -w voip -afilesize:20240

While Wireshark has the capability to play back captured VoIP packets, it was designed to be used as a troubleshooting tool and not to meet any compliance or e-discovery requirements. For example, you cannot perform a search across multiple packet capture files for a particular phone number and return results that can be quickly played back. It is a tedious process to export the voice portion of a call from Wireshark into an audio file that can be emailed to someone who does not have Wireshark, and the audio conversion process creates a file that significantly distorts the speech. There is an appliance available from CACE Technologies called the Shark Appliance that may offer some improvements. If I hear back from them I will update this blog article.


Therefore, enterprises should look to 3rd party solutions for call recording needs in OCS. So what options would an organization have for professionally recording calls within OCS? Telrex offers a product called CallRex that can plug in to OCS.

CallRex Call Recording in the Microsoft OCS environment.

Another 3rd party product, from SIP Print, is a 1U appliance that can handle call recording for up to 200 users per appliance and has enough internal storage to record a single handset for 10 years. The product does not seem as integrated with OCS as Telrex. For example, there does not appear to be integration at the client level, only on the back-end, and it does not appear to record internal peer-to-peer calls like Telrex offers. But it does offer the features that Wireshark lacks: easy search by phone number, and easy export to .WAV file.


For executives who want to record conference calls ad-hoc, the snom MeetingPoint conference phone offers this functionality. snom phones are compatible with OCS and Tim Koehler has a snom-OCS blog here.


Know of any other good enterprise call recording solutions for OCS? If so, please post a comment here. Thank you.

[Update 3/9/2010] I looked into POSTcti’s solution and it looks like a great fit for OCS. Take a look at their solution here and read this Microsoft case study here for more information.


Disclaimer: I am not responsible for your actions if you record a call unlawfully. Check your state and federal laws before proceeding.