On the server-side, you will need tcpdump (or a similar packet capture utility) and sudo access.
On your local system, Wireshark will be used to filter for the relevant packets and extract their RTP payloads into a raw mu-law audio stream.
Audacity will be used to import the raw mu-law stream and play it back or save to another format.
Packet Capture of the RTP stream
To capture all packets on eth0 and write to packets.pcap, run:
sudo tcpdump -i eth0 -w packets.pcap
Press ctrl+c when done, and copy the packets.pcap file to your local machine.
Export mu-law audio
Open the packet capture in Wireshark and select the Telephony -> RTP -> RTP Streams menu. Choose the relevant RTP stream, and click on “Analyze”.
The analysis step may take some time on longer packet captures. When the analysis window opens, click on the “Save” button, and select the “Unsynchronized forward stream audio” option. Change the output format to “Raw (*.raw)” and save the file.
Import the audio data into Audacity
Open Audacity and select File -> Import -> Raw Data.
Open the file exported from Wireshark, and select the audio stream’s settings. U-law is the right setting for mu-law audio. If the sampling frequency is unknown, a common value is 8000 Hz.
That’s it! Now it can be analyzed, played back, saved, etc.