Any point in the middle (between your two endpoints) of your VOIP “conversation” is able to go promiscuous on the network and capture (or quantify) an IP communication stream between you and another endpoint somewhere on the Internet. Unencrypted VOIP traffic will have an easily recognizable packet signature, as does every type of IP traffic. SIP and H323 use special call setup packets, which, when sent unencrypted, will clearly indicate the number dialed. Subtracting the timestamp of the Call-start packet from the timestamp of the Call-stop packet would allow someone in the middle to determine the length of the call.
This is all highly improbable, but still technically possible. Most IP networks I have come across are managed just well enough to stay running – snooping/eavesdropping is generally only done by legitimate authorities and hackers who find unsecured points in ISP networks.
Using IP VPN to encrypt VOIP traffic obfuscates the data stream a little bit, but since RTC traffic is incredibly chatty, it will still be easy to distinguish from other packet types (predictable packet sizes and frequency heading in both directions.)
IP VPN can protect all of the original packet headers (source and destination IP Address, S & D port/protocol, Type of Service, and most importantly, the data stream, including called number!) from prying eyes.
Design of an IPVPN will dictate how ‘secure’ the data stream is (encryption key length, key re-negotiation frequency, etc.) – so if money were no object, an intercepted stream, encrypted or not, would be suceptible to “eavesdropping” – it is just unlikely that eavesdropping would occur in real-time. Re-assembly and/or decryption+re-assembly could be a monumental task, but not impossible…