Hi guys, I've looked around but haven't been able to find anything that works. How would I extract the RTP payload and dump it to a ts file via the command line interface? Through the GUI, I can simply Decode as RTP and then 'Save payload' for the filtered packets, but haven't been able to succeed with doing this through tshark. Thanks very much! Jero asked 16 May '13, 12:17  Sheh |
One Answer:
You could possibly do it with some scripting, by parsing the PDML output of tshark or by using the output of this command:
but there are other tools that can do it for you automatically.
See also my answer to a similar question:
Something different, but also nice (using tshark) Regards answered 16 May '13, 13:19  Kurt Knochner ♦ edited 16 May '13, 13:38 |
Thanks a lot Kurt. I was able to get the stream to decode as RTP using the -d option as follows:
tshark -r "my.pcap" -R udp.port==<src port=""> -d udp.port==<src port="">,rtp -T fields -e rtp.payload -w "my_ts.ts"
However, at this point the dumped file is 12.9mb and does not play in VLC. If i use the RTP stream analysis "Save payload" option from the GUI, the file size is 12.1mb. I guess I need to figure out what additional content is being dumped...
With
-w "my_ts.ts"tshark writes the whole packet to disk, not the output from-T fields -e rtp.payload. So the resulting file is a pcap file, not a media file.Oops my bad, thanks for catching that.
I was able to get the payload only to dump and convert to binary (very dirty though), but turns out the mp2t headers weren't being dumped. If I include that as a field as well, I first get a dump of all mp2t headers in a packet, followed up all the respective payloads.
At this point, it looks like I'll have to do what Kurt suggested earlier and get my scripts to parse the output and join (luckily the payloads are separated with commas so should be easily doable).
Finally got a chance to look into this again. Ended up using a dump of the 'data' field. I then stripped the RTP headers for each packet data (first 12 bytes) using a simple python script and then converted to binary (python binascii module) after concatenating.
Thanks very much for your help guys.