This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

In order to extract the RTP payload from a pcap file captured by Wireshark, I'm using tshark with the command

tshark -nr stream.pcap -R 'rtp && ip.dst==192.168.1.64' -T fields -e rtp.payload

This succeeded with the codecs g.729 and ilbc, but with the codec g.723 it wasn't the case. I think that this problem is due to the fact that the payload field of the rtp protocol doesn't exist any more (when consulting Wireshark).

asked 01 Sep '13, 10:27

basma


To solve this problem, you just have to disable the protocol g723 in Wireshark, in the item Enabled Protocols from the Analyze menu; then the field "payload" will appear in the protocol rtp and the command

tshark -nr stream.pcap -R 'rtp && ip.dst==192.168.1.64' -T fields -e rtp.payload

will succeed!


answered 02 Sep '13, 02:44

basma
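
Added example, not part of the original posts: a Python check for the output of the command above that decodes each `rtp.payload` line to raw bytes and reports packets where the field came back empty, which is the symptom described in the question for g.723. The sample output is constructed, the function names are hypothetical, and the script assumes tshark prints hex either colon-separated or plain, with an empty line for a packet that lacks the field.

```python
# Constructed sample of `tshark ... -T fields -e rtp.payload` output
# (not taken from a real capture):
#   line 1: colon-separated hex, line 2: plain hex,
#   line 3: empty (packet matched the filter but had no rtp.payload field),
#   line 4: colon-separated hex.
SAMPLE_OUTPUT = "00:11:22:33\n44556677\n\n88:99:aa:bb\n"


def decode_payload_lines(text):
    """Return (payloads, missing): decoded payload bytes for each packet,
    and the 1-based output line numbers where rtp.payload was empty."""
    payloads, missing = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        field = line.strip()
        if not field:
            # tshark prints an empty line when the requested field is absent.
            missing.append(lineno)
            continue
        try:
            payloads.append(bytes.fromhex(field.replace(":", "")))
        except ValueError as exc:
            raise ValueError(f"line {lineno}: not hex: {field!r}") from exc
    return payloads, missing


def summarize(text):
    """Summarize one tshark run: packet counts, empty lines, joined payload."""
    payloads, missing = decode_payload_lines(text)
    return {
        "packets": len(payloads) + len(missing),
        "decoded": len(payloads),
        "missing": missing,
        "raw": b"".join(payloads),
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_OUTPUT)
    print(f"{result['decoded']}/{result['packets']} packets had rtp.payload")
    if result["missing"]:
        # Empty lines mean the payload field was not exposed for those packets.
        print("empty rtp.payload on output lines:", result["missing"])
    print("raw payload bytes:", result["raw"].hex())
```
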
