The vomit utility converts a Cisco IP phone conversation into a wave file that can be played with ordinary sound players. Vomit requires a tcpdump output file. Vomit is not a VoIP sniffer, although it could be one, but the naming is probably related to H.323.


The vomit utility is distributed under a BSD license and is completely free for any use, including commercial use.

In order to build vomit, you need libevent, a library for asynchronous event notification, and either libdnet or libnet.


$ vomit -r phone.dump | waveplay -S8000 -B16 -C1


Vomit works only for G.711.
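Why G.711 is the easy case, shown as an added example that is not vomit's own code: G.711 mu-law audio is plain companded PCM, so one captured media packet expands byte by byte into the 16-bit mono samples that the waveplay options above describe, which is what makes the IPsec tunnel in note [1] worthwhile. The sketch assumes the audio travels as RTP with payload type 0 (PCMU); the function names and the sample packet are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Expand one G.711 mu-law byte to a 16-bit linear PCM sample. */
int16_t ulaw_to_pcm16(uint8_t u)
{
    u = (uint8_t)~u;                     /* bytes are stored inverted */
    int exponent = (u >> 4) & 0x07;      /* 3-bit segment */
    int mantissa = u & 0x0F;             /* 4-bit step inside the segment */
    int magnitude = (((mantissa << 3) + 0x84) << exponent) - 0x84;
    return (int16_t)((u & 0x80) ? -magnitude : magnitude);
}

/* Decode one RTP packet carrying PCMU (payload type 0) into out[].
 * Returns samples written, or -1 if malformed, not PCMU, or too large. */
int rtp_pcmu_decode(const uint8_t *pkt, size_t len, int16_t *out, size_t max)
{
    if (len < 12 || (pkt[0] >> 6) != 2 || (pkt[1] & 0x7F)) return -1;
    size_t off = 12 + 4 * (size_t)(pkt[0] & 0x0F);   /* skip CSRC list */
    if (pkt[0] & 0x10) {                             /* header extension */
        if (off + 4 > len) return -1;
        off += 4 + 4 * (((size_t)pkt[off + 2] << 8) | pkt[off + 3]);
    }
    if (off > len) return -1;
    size_t end = len;
    if (pkt[0] & 0x20) {                             /* trailing padding */
        size_t pad = pkt[len - 1];
        if (pad == 0 || pad > len - off) return -1;
        end -= pad;
    }
    if (end - off > max) return -1;
    for (size_t i = off; i < end; i++)
        out[i - off] = ulaw_to_pcm16(pkt[i]);
    return (int)(end - off);
}

/* Constructed sample: 12-byte RTP header (V=2, PT=0) + 4 mu-law bytes. */
static const uint8_t SAMPLE_PKT[] = {
    0x80, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0xA0,
    0x12, 0x34, 0x56, 0x78, 0xFF, 0x7F, 0x00, 0x80 };

int main(void)
{
    int16_t pcm[160];
    int n = rtp_pcmu_decode(SAMPLE_PKT, sizeof SAMPLE_PKT, pcm, 160);
    for (int i = 0; i < n; i++)
        printf("%d\n", pcm[i]);
    return n < 0;
}
```
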


The program contains wave file interpreting code from waveplay by Y. Sonoda, ulaw conversion code from Sun Microsystems, and some pcap code from Dug Song. It also contains contributions by Marius A. Eriksen.


[1] "Misconfigured" might be misleading because the Cisco IP phones so far cannot do encryption. However, a quick solution is to establish an IPsec tunnel between the phone and the call manager. An old 486 laptop running OpenBSD is a good fit for that task. You could also run opportunistic encryption with Openswan on Linux.

Niels Provos
Last modified: Fri Jan 2 16:33:13 PST 2004