I tried this script and I get a CSV file with all content except the RTP sequence number. I've already used "-e rtp.seq":

    tshark -Y "udp.srcport == 2346" -T fields -n -r "C:\not_land.pcap" -E separator=, -e ip.src -e ip.dst -e ip.proto -e udp.srcport -e rtp.seq >> "C:\not_land.csv"

Is there any problem with this command?

asked 28 Apr '15, 00:05 DiveDave
One Answer:
Either use Wireshark to set the preference 'Try to decode RTP outside of conversations' or pass it in via the command line.

answered 28 Apr '15, 09:07 Jaap ♦
Thanks for helping. I solved this problem by adding "-o rtp.heuristic_rtp:TRUE" in my command :)
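
Background on the empty rtp.seq column, as an added example that is not Wireshark's code and not from either poster: RTP has no fixed port, so a payload-based decode has to guess from the bytes, and the sketch below makes that kind of guess using the RFC 3550 header layout. The function names and the sample payloads are constructed for illustration.

```python
import struct

def parse_rtp_heuristic(payload: bytes):
    """Return RTP header fields if a UDP payload plausibly is RTP, else None."""
    if len(payload) < 12:                 # fixed RTP header is 12 bytes
        return None
    b0, b1, seq, timestamp, ssrc = struct.unpack("!BBHII", payload[:12])
    if b0 >> 6 != 2:                      # version field must be 2
        return None
    payload_type = b1 & 0x7F
    if 72 <= payload_type <= 76:          # reserved: with the marker bit set these
        return None                       # look like RTCP packet types 200-204
    header_len = 12 + 4 * (b0 & 0x0F)     # plus one 32-bit word per CSRC
    if b0 & 0x10:                         # X bit: a header extension follows
        if len(payload) < header_len + 4:
            return None
        (ext_words,) = struct.unpack("!H", payload[header_len + 2:header_len + 4])
        header_len += 4 + 4 * ext_words
    if len(payload) < header_len:         # header must fit inside the datagram
        return None
    return {"pt": payload_type, "marker": bool(b1 & 0x80), "seq": seq,
            "timestamp": timestamp, "ssrc": ssrc, "header_len": header_len}

def rtp_seq_column(payloads):
    """One CSV cell per payload: the sequence number, or "" when not decoded as RTP."""
    cells = []
    for p in payloads:
        hdr = parse_rtp_heuristic(p)
        cells.append(str(hdr["seq"]) if hdr else "")
    return cells

# Constructed sample payloads (not taken from any capture).
RTP_SAMPLE = struct.pack("!BBHII", 0x80, 0x00, 0x1234, 160, 0xDEADBEEF) + b"\xff" * 160
RTCP_SAMPLE = struct.pack("!BBHII", 0x80, 200, 6, 0xDEADBEEF, 0)
NOT_RTP = bytes.fromhex("123401000001000000000000") + b"\x03www"

if __name__ == "__main__":
    print(rtp_seq_column([RTP_SAMPLE, RTCP_SAMPLE, NOT_RTP]))
```

A payload that fails the check yields an empty cell, which is what the CSV shows for rtp.seq when the packets are left undecoded as plain UDP.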