We're trying to find the actual source and destination telephone numbers once a VoIP packet is detected on our network. Do you know how we can do this, or if there are any software add-ins that can do this? We're using GigaPeek by a company called WildPackets for our analysis.
VoIP packets are not any different than any other packets that GigaPeek would see. When a voice call is generated in VoIP, if the phone number goes to the PSTN it moves through a gateway. If the IP-PBX knows that it can be a VoIP call, then it packetizes the voice, ups the quality of service bit and forwards it to another IP address. This information is done within the PBX. The voice transmission is reassembled at the destination.
In order to find the phone numbers associated with an IP packet, you would need to look in your PBX or gateway. You can also do a reverse address resolution protocol (RARP) lookup, find the name of the owner and determine who owns it from there. If you can export your list from your PBX then you can do a simple query on the list. If the PBX belongs to someone else and you are just carrying the packets, then an RARP lookup may be your only means of identification.
From your command prompt – type arp /? and you will see all of the options available.
Are you using IPv6 or regular IP? How are you determining that it is a voice packet? Are you doing this only via the QoS bit? Are you using SIP? If you can give me a bit more information, I will be glad to provide additional information.
You may also want to check out QiiQ at http://www.qiiq.com/support/supportGlossary.htm and see their products; they may provide some assistance.
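The "export your list from your PBX and query it" step from the answer above, as an added example that is not part of the original answer. The export columns, the flow tuples, the addresses and the numbers are all constructed, and treating DSCP 46 (EF) as the voice marking is an assumption about how the network tags calls.

```python
import csv
import io
import ipaddress

# Constructed PBX export; column names are assumptions, not a real PBX format.
PBX_EXPORT = """extension,did,ip_address,device_type
2001,+15555550101,10.20.1.15,phone
2002,+15555550102,10.20.1.16,phone
,,10.20.0.5,pstn-gateway
"""

# Constructed flows as exported from an analyzer: (src_ip, dst_ip, dscp).
FLOWS = [
    ("10.20.1.15", "10.20.1.16", 46),
    ("10.20.1.16", "10.20.0.5", 46),
    ("10.20.1.15", "198.51.100.7", 46),
    ("10.20.1.15", "10.20.1.16", 0),   # not marked as voice, ignored
]

EF_DSCP = 46  # assumption: voice is marked Expedited Forwarding
UNKNOWN = "unknown (not in PBX export)"
GATEWAY = "PSTN gateway (dialed number is in the gateway's call records)"


def load_directory(text):
    """Index PBX export rows by parsed IP address (works for IPv4 and IPv6)."""
    directory = {}
    for row in csv.DictReader(io.StringIO(text)):
        directory[ipaddress.ip_address(row["ip_address"].strip())] = row
    return directory


def describe(ip_text, directory):
    """Return the extension and number for an endpoint, or why there is none."""
    row = directory.get(ipaddress.ip_address(ip_text))
    if row is None:
        return UNKNOWN
    if row["device_type"] == "pstn-gateway":
        return GATEWAY
    return f"ext {row['extension']} / {row['did']}"


def resolve_flows(flows, directory):
    """Map each voice-marked flow to (caller, callee) descriptions."""
    return [(describe(src, directory), describe(dst, directory))
            for src, dst, dscp in flows if dscp == EF_DSCP]


if __name__ == "__main__":
    for caller, callee in resolve_flows(FLOWS, load_directory(PBX_EXPORT)):
        print(f"{caller} -> {callee}")
```

If the phones get their addresses by DHCP, the export only matches captures taken while those leases were in effect.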