vomit - voice over misconfigured internet telephones
Related Information
 Cyber Security
 Honeypot Development
 Systrace Policies
 ScanSSH - proxy scanner
 Age Of Ignorance

 Support Vomit 
 Search Amazon  


vomit - voice over misconfigured[1] internet telephones

The vomit utility converts a Cisco IP phone conversation into a wave file that can be played with ordinary sound players. Vomit requires a tcpdump output file. Vomit is not a VoIP sniffer also it could be but the naming is probably related to H.323.


The vomit utility is distributed under a BSD-license and completely free for any use including commercial.

In order to build vomit, you need libevent, a library for asynchronous event notification and libdnet or libnet.


$ vomit -r phone.dump | waveplay -S8000 -B16 -C1


Vomit works only for G.711.


The program contains wave file interpreting code from waveplay by Y. Sonoda, ulaw conversion code from Sun Microsystems, and some pcap code from Dug Song. It also contains contributions by Marius A. Eriksen.


If you are inclined, you can leave a tip for me with PayPal. Sign up for it.


[1] Misconfigured might be misleading because the Cisco IP phones so far cannot do encryption. However, a quick solution is to establish an IPsec tunnel between the phone and the call manager. An old 486 laptop running OpenBSD is a good fit for that task. You could also run opportunistic encryption with OpenSwan on Linux.

Niels Provos <>
Last modified: Fri Jan 2 16:33:13 PST 2004