This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

tshark: extract rtp payload of the codec G.723

0

In order to extract the RTP payload from a pcap file captured by wireshark, I'm using tshark with the command

tshark -nr stream.pcap -R 'rtp && ip.dst==192.168.1.64' -T fields -e rtp.payload

this succeeded with the codecs g.729 and ilbc but with the codec g.723 it wasn't the case. I think that this problem is due to the fact that the field payload of the rtp protocol doesn't exist any more (when consulting the wireshark).

asked 01 Sep '13, 10:27

basma's gravatar image

basma
11112
accept rate: 0%


One Answer:

0

o solve this problem you have just to disable the protocol g723 in wireshark in the item Enabled Protocols from the Analyze menu then the field "payload" will appear in the protocol rtp and the command

tshark -nr stream.pcap -R 'rtp && ip.dst==192.168.1.64' -T fields -e rtp.payload

will succeed!

answered 02 Sep '13, 02:44

basma's gravatar image

basma
11112
accept rate: 0%