VoIP traffic monitoring use-case

Are your VoIP bills too damn high? Are you paying more than you should? Maybe you don’t even know it! You might have a similar problem as our customer had. Let’s see what the problem was and how Flowmon solved it in following use-case.

Posted on

Organizations more and more call for VoIP traffic analysis. The reason is simple, VoIP technology has spread fast business communication as an alternative for expensive phone lines. Solution for such analysis should allow to list call records, identify calling and called party, duration, characteristics, quality of the communication and more.

Since 2013 Flowmon fully supports VoIP traffic analysis and provides organizations with all important characteristics to successfully satisfy their needs when preventing frauds and undesirable behavior. How does it work? The solution recognizes SIP, RTP and RTCP protocols, extracts and stores information from these packets as a part of flow records. For SIP protocol it can be e.g. call initialization, accept, reject, termination, etc. For protocol RTP it can be e.g. used codec and for protocol RTCP information about quality of the call.

In Flowmon Monitoring Center it is possible to list all calls, see calling party, called party and look into each call characteristics. It is also possible to report and alert on call records according to specific parameters or calling/called party and more. Using this features is what helped our customer to solve his problem.

Customer noticed a significant increase in VoIP bill and began wondering what caused it. The first thing which came into his mind, was that somebody from the company is calling on premium number or calling abroad. Usually, blocking these numbers is PBX (Private Branch Exchange) functionality, but the customer had limited license and this functionality was unavailable. Using Flowmon solution, VoIP analysis and filtering according to SIP called party, IT department was able to recognize call records, where company employee was calling on premium number (number starts with 900). Using SIP calling party and IP address, it was possible to find out what person/employee was responsible for such calls and VoIP bill increase.

It’s good to know what caused the problem, but it is better to take action when the prohibited call occurs again. In Flowmon, you can set up the profile which shows you all VoIP traffic and creates report where you can filter calls on premium numbers or calling abroad. Then you can set alerts – set alert on profile (VoIP traffic) with specific filter and choose action which will be performed based on detection of prohibited call, e.g. send e-mail and run user-defined script.

Setting up an alert is pretty straightforward. After naming the alert choose profile with SIP traffic and set filter to sip-called “sip:premium_number_prefix” (e.g. premium number prefix in Czech Republic is 900) or if you don’t have profile for SIP traffic, select live profile and set filter to port 5060 and sip-called “sip: premium_number_prefix”. Next step is to set conditions and actions which should be executed after event detection and that is all – from now on you will be alerted on such events.

No experience with Flowmon yet? Try out the Flowmon Live Demo or Flowmon Trial and stay in touch for further information on our products! 

Explore the Flowmon interactive demo

Experience a fully interactive product demo to see what issues Flowmon can tackle for you.

Launch Demo

Flowmon ADS

Detect and Stop ransomware!

Launch more

Request free trial

Get no-obligation 30-day trial of Flowmon in your network.

Get your trial today