I am investigating the SIP signaling and RTP media in VoLTE traffic. I can see RTP header but was told that the RTP payload and the SIP packets are all encrypted in IPsec. Is this true? If yes, at what interface I can see the decrypted packets?
Thanks.
There are two technologies named SIP over TLS and RTP over TLS but I have never seen that implimented in IMS core for the 15 years I have worked.Definetely not IPSEC.I have seens only in one place where IPSEC is used in mobile voice core .that is between EPDG and UE for voWIFI thats it.For the RTP header capture that is the normal mode of operation of most of the probes when it comes to RTP capturing since it is a huge volume to capture.Certainly if you are using a Netscout probe it is Header only since header has all the information required for us to troubleshoot.
some basestation is not encrypted for lte and nr
One small thing I forgot to mention is that there are two different concepts named encryption and encapsulation.IPsec do both encryption as well as encapsulation while GRE do encapsulation only and TLS do encryption only.In telco GRE is the usual encapsulation method and TLS happened to be the encryption mechanism most of the time.