Latest release notes of the VoIP Analyzer Tool


  • SIP
    • Siplog2Pcap: conversion from a SIP log to a pcap now supported for following SIP vendors:
      • 3CX
      • Alcatel
      • Anveo
      • Asterisk
      • AudioCodes Syslog
      • AudioCodes SIP ladder diagram files
      • Avaya
      • BroadWorks XS logs (BroadSoft)
      • Cisco or CUCM Sip Logs
      • Enovation UMO (UMO SIP Alarm devices)
      • Genesys
      • Lync
      • Mediatrix Syslog
      • Microsoft Teams -> see AudioCodes syslog
      • Mitel
      • OneAccess (Ekinops)
      • OpenScape Business (Atos/Unify)
      • OpenScape 4000 STMI SIP logs (Atos/Unify)
      • OpenScape Voice RTT traces (Atos/Unify)
      • RingCentral
      • Twilio
      • Yealink
    • Other SIP vendors can be supported on simple demand.


    • SipLog2Pcap: OpenScape voice RTT trace: optimize handling of SIP-Q message body
    • Show also SIP CANCEL after SIP RE-INVITE as incomplete SIP dialog
    • Show SIP Source IP and SIP Destination IP as summary in SIP Ladder diagram pop-ups
    • SIP Call duration is zero when there is no SIP BYE message


  • Anonymize
    • anonymize the HTTP protocol
    • anonymize the SSDP protocol
    • anonymize the FTP protocol (USER and PASS only)
    • anonymize also SIPS (Secure SIP)
    • Text2Pcap
    • Text2Pcap: make detection of start of a new hex packet more defensive
    • Text2Pcap: support Cisco ASR 5000 / Cisco ASR 5500 hexdump file format (RawIP)
    • Text2Pcap: support Fortinet hex dumps
    • Text2Pcap: support "Cisco monitor capture" format
    • Text2Pcap: support Juniper Netscreen Snoop format hex dumps


  • Other
    • Support CSTA III during pcap analysis: Show CSTA III messages in generated HTML page
    • optimize readability of the XML protocol in a SIP message body in the SIP ladder diagrams
    • support IP fragmentation for IP in a GRE tunnel (Generic Routing Encapsulation)
    • Optimize SEO
    • support TZSP encapsulation: TaZmen Sniffer Protocol
    • Generate wave files also for SRTP
    • Optimize RTCP logging
    • support of 802.3br packets


  • SIP
    • optimize creation of short SIP headers when there is a ";" sign in the SIP header display part
  • RTP
    • RTP comfort noice not correct indicated for SRTP in RTP HTML table
  • Anonymize
    • anonymize FTP password
    • anonymize HTTP GET string
    • always anonymize SIP TEL URI (also when they are not RFC conform formatted)
    • keep original IP addreses during anonymize when there are pre-defined documentation IP addresses (RFC5737)
  • Automatic update
    • check version.txt and version.html at startup
    • detect download of update failure. Make timeout shorter.
    • optimize handling if HTTPS request to check latest version is blocked
  • GPRS Tunneling Protocol (GTP)
    • optimize detection and unpacking of of GPRS Tunneling Protocol (GTP) when there are optional GTP parameters
  • Other
    • show license request sting in the logging at startup when there is no license
    • adjust executable names for linux (all lower case now)
    • default path to c:\voipanalyzer in Windows install program 


  • SIP
    • anonymize RFC7315 private SIP headers
    • support RFC3262 RAck SIP header for ABNF check
    • SIP request line sometimes too long in the SVG diagram
  • AudioCodes
    • Major performance optimalisation for AudioCodes SipLog2Pcap conversion
    • optimize AudioCodes SID filtered files
    • Detect CallID2 for Audiocodes sipLog2PCap. Show in HTML tables CallID2
    • Support multipart body for SipLog2Pcap (e.g. QISG, SIP-Q, ...) (e.g. for OpenScape Voice - OpenScape 4000 - OpenScape Business)
  • RTP
    • anonymize RTP payload while volume is still detectable
    • detect ambiguous RTP sender timestamp
  • MGCP
    • defensive reading of MGCP messages. allow <br> and \n
  • updater
    • add automatic online updater
  • ZIP
    • minor correction for unzipping with gzip
  • SipLog2Pcap
    • add CONVERSIONS button in GUI
  • General
    • optimize TCP reassemble when reassembled packet is larger than 64kB
    • Add counter in HTML tables simular as in CSV files


  • SipLog2Pcap
    • add CONVERSIONS button in GUI
    • SipLog2Pcap: convert SIP logs to Wireshark pcap files.
    • SIP log conversions supported from following vendors:
      • ▪ Anveo
        ▪ Asterisk
        ▪ AudioCodes Syslog
        ▪ AudioCodes SIP ladder diagram files
        ▪ Broadsoft
        ▪ Genesys
        ▪ Lync
        ▪ Mediatrix Syslog
        ▪ Mitel
        ▪ OneAccess (Ekinops)
        ▪ OpenScape Business (Atos/Unify)
        ▪ OpenScape 4000 STMI SIP logs (Atos/Unify)
        ▪ OpenScape Voice RTT traces (Atos/Unify)
        ▪ Twilio
  • AudioCodes
    • convert AudioCodes syslog files to an audit with a filtered AudioCodes syslog file for each unique SIP call [SID=xxx:xxx:xxx]
      o Add unique AudioCodes Log as table entry in all the HTML pages after audit
      o Support Audit of AudioCodes Debug Recording (ACDR) capture inclusive AudioCodes logs (SIP + RTP + RTCP)
      o Convert AudioCodes debug recording capture to a normal Wireshark capture during the Merge functionality (SIP + RTP + RTCP)
    • Hex2Pcap: convert Wireshark HEX files to Wireshark pcap files
      - Tunneled QSIG in SIP message body
      o more exact processing of tunneled QSIG in SIP (or SIP-Q): process as HEX
      o detect false hits on \r in multipart/mixed body
      o Support "Content-Disposition:" as body header for multipart/mixed
    • Still show the tool GUI when the license is expired
    • Optimize handling of captures on the Null/loopback device
    • add VoIPAnalyzerUpdater: check at startup if online any update is available
    • Use "frame.number==" in loggings (not WP== anymore)
    • Correct gzip issue during merge on Linux
  • Anonymize
    • o also anonymize optional parameters in the SIP FROM header
      o support anonymize of IGMP multicast packets
      o do not process DHCP packets during anonymize
  • RTP
    • o Show Max RTP delay, max RTP Jitter and Max RTP Skew in RTP HTML table
      o correct influence between RTP and DTMF on RTP statistics


  • correct influence between RTP and DTMF on RTP statistics
  • detect IPv6 For Raw captures
  • add extra hints in syslog for anonymize
  • anonymize ICE candidates in SDP
  • SipLog2Pcap: paste DateTime also when year is not available (e.g. for AudioCodes syslog)
  • support AVPF and SAVPF in SDP
  • clean addition struct memory at the end of an audit/anonymize/merge
  • make anonymized DNS names iso mapped IP addresses
  • use more natural filename after anonymize (xxx_ANON)
  • correct rewriting of SDP length after anonymize
  • optimize TCP re-assembly mechanism
  • optimize cleanup of leftovers after TCP assembly
  • give warning when zip fle is opened
  • correct processing of abbreviated headers
  • TCP reassembly rework + hexdump in hex2pcap format
  • gzip for pcapng
  • cleanup/optimize IP fragmentation
  • SipLog2Pcap generates incorrect "application/csta+xml" body
  • optimize handling of pcapng capture with both ethernet packets as also sll packets
  • Only last RTP codec is shown in the HTML RTP overview
  • Update logging for abbreviated SIP headers
  • Support the SIP NEGOTIATE method
  • optimize logging of sip.Call-ID=="xxx"
  • Update SipLog2Pcap help file
  • SipLog2Pcap: support Mitel Sip log conversion to pcap
  • SipLog2Pcap: add Mitel and OpenScape Voice RTT log conversion to pcap
  • Correct PCAP with wrong TCP flags (e.g. push flag)
  • solve progress bar > 100% issue
  • Support detection of IEEE802.3br preemption
  • Add proprietary X-RTP-Stat headers
  • LinkLayerType as short
  • update on IEEE 802.3br detection
  • Add proprietar Siemens SIP headers
  • Add proprietar ThigSbc SIP "X-" headers
  • SipLog2Pcap: add vendor OneAccess for SIP log conversion to pcap
  • SipLog2Pcap: also detect abbreviated content-type SIP header "c:"
  • Read QSIG in body as bytes, not as chars
  • SipLog2Pcap code optimalisation: make separate classes
  • support ^M
  • SipLog2Pcap: detect splitted SIP headers and combine them
  • Add also "SIP Reason header" in HTML table for Register, Options etc
  • Show SIP 403 Forbidden in the HTML ERROR tables
  • SipLog2Pcap: detect SDP splitted on 2 lines for AudioCodes syslog logs.
  • SipLog2Pcap: optimize splitted SIP messages
  • SipLog2Pcap: support SIP messages on one line with numerous \n
  • SipLog2Pcap: only search for \n if also SIP/2.0 can be found in the string
  • add icons to Web projects and put header on index page
  • SVG corrupted for "var protmessage0" when \r leftover occurs
  • first detection SIP Common Log Format (CLF)
  • error in cleanup tcp stream
  • siplog2pcap html corrections (header)
  • web: correct clear page for Firefox + make buttons
  • Show errors/warnings when SIP RFC errors occur 


  • Support "RAck" SIP header (RFC3262)
  • support IP fragmentation with duplicate packets
  • adjust handling of fragmented packets
  • Adjust default OpenScape SBC ports from 50000-50019 to 50000-50039
  • check maximum framesize of 64K after IP or TCP assembly
  • do not use duplicate RTP packets for wave files
  • cleanup at the end of IP fragments and TCP segments
  • hex2pcap for online tool on website
  • hex2pcap: detect de-chunked data and skip it
  • allow a tab character for Hex2Pcap splitting
  • allow maximal merged filesize of 4 Gb
  • optimize link layer detection
  • detect RTP packets when they use well known SIP ports
  • allow any SIP response code in the range 100-699
  • add remark in HTML when RTP delay is highter than 60ms
  • check if the 5 mandatory SIP headers are available during audit
  • prevent false hits on RTP and RTCP after SIP BYE
  • SipLog2Pcap for online tool on website
  • online web tool: make specific page for wrong cases (e.g. wrong input)
  • Wireshark OSPF packet not always correct parsed
  • support radius and diagram protocol (not in GUI yet)
  • adjust parsing of MGCP request line
  • adjust parsing of CSeq SIP header
  • do not allow SVG drawing with negative x position
  • add help file for relevant commands for tshark to text
  • culture dependency for DateTime
  • use minimal HTML table height when table is empty
  • show short names for wave files in HTML tables
  • Add SIP reason header in generated HTML tables
  • optimize splitting of long strings (e.g. SIP From/To/CallID) in HTML tables


  • now supported as Date format: day/month/year or month/day/year or year/month/day
  • Support RawIP for Hex to Pcap conversions
  • also anonymize SRTP
  • give warning for zero duration parameter for DTMF via RFC2833/RFC4733
  • use only destination IP and destination port for RTCP filenames
  • check if SDP content length value header is consistent with SDP body length
  • minor correction for new SDP content length after anonymize
  • major performance optimalisation during writing of syslog entries from Pcap to syslog text files
  • correction regarding detection of multiple SIP messages in one single Wireshark packet
  • support P-RTP-Stat header for RTP statistics
  • ignore X-Siemens-RTP-Stats: stats not available


  • major performance optimalisation during audit
  • - finetune anonymize of MGCP messages
  • - minor updates in help files
  • - create new CHM help file
  • - minor bug fixes


  • New code signing certificate
  • Detect ZRTP magic cookie in RTP header
  • SIP port range extended to 5060-5080 and 5090
  • Time processing : Local or UTC (also in GUI)
  • Merge folder selection instead of one file selection in the merge folder
  • MGCP csv file
  • Support nested 802.1Q
  • Useragent text added to message flow diagrams


  • support of the MGCP protocol
  • Handling SVG message graphs more generic (also for MGCP)
  • Correction on script error popup for .chm help file
  • Correction with multiple linktypes in pcapng
  • Filter column buttons in HTML tables
  • issue solving


  • support Raw IP header
  • use colors in RTP HTML pages to highlight issues with packet drop, jitter, skew etc
  • support abbreviated SIP headers
  • use always TTL value 64 after anonymize to hide network topology
  • support detection of GRE tunnel will NULL encryption
  • add “clear logging window” button in GUI
  • TCP segmentation finetuning
  • Detect SIP BYE immediate after SIP RE-INVITE (incomplete SIP dialog)
  • Make ethernet address anonymous during anonymize
  • Add dropzone on website
  • Added free online demo on our website
  • Optimize performance


  • performance optimalisation during merge action
  • update of online help files
  • update of offline CHM help files
  • update tool icon
  • bug fixes


  • support merging of Ethernet packets + Linux SLL packets at the same time to one wireshark capture


  • support the Wireshark snoop format
  • use UTC time for Wireshark captures
  • make also RTP stats in CSV format
  • also anonymize data TCP packets with data length zero (e.g. TCP SYN)
  • support VoIPAnalyzer tool on Linux
  • support VoIPAnalyzer tool on macOS
  • bugfixes


  • Support of PCAPNG (pcap next generation) Wireshark format
  • Add also a split button next to the merge button
  • Improved performance in some area’s
  • Add progressbar in GUI
  • bugfixes


  • Initial version released for any 64 bit Windows Operating system