Hello, I am trying to solve one problem. I have one capture stream taken with tshark. In this file there are many VoIP calls (SIP/RTP/G729). In the Wireshark GUI I can do what I can, but when I try to filter some call from cmd there is a big problem. When I use this:
I get the right (SIP, UDP, TCP etc...) load in
I get all load in call.raw as UDP. I need to get RTP. I use TShark 1.6.1 on GNU/Linux CentOS 6. Does anyone have a suggestion?
asked 04 Aug '11, 03:46 JamesBorg; edited 04 Aug '11, 16:12 helloworld
2 Answers:
Your filter probably excluded the call-setup packets from the trace file which Wireshark uses to know when to dissect UDP as RTP. Try setting the RTP preference "Try to decode RTP outside of conversations".
answered 04 Aug '11, 05:53 JeffMorriss
You can concatenate raw payloads and put them in a file. Note that this will not work all the time, for example if your RTP flow contains rfc2833/4733 DTMF or DTX packets. With the RTP preference "Try to decode RTP outside of conversations" enabled, use this:
You will see hexadecimal payloads. This output can then be converted to raw bytes using:
answered 20 Nov '11, 09:03 guillaume te...
Thanks for the answer. I tried something new:
tshark -r capturefile -R "ip.src==10.1.0.12 && udp.srcport==52140 && ip.dst==10.1.0.11 && udp.dstport==52382 && rtp.ssrc==0x9B0" -d udp.port==52140,rtp -w outstream
It now works for me, but how can I save the payload of RTP from outstream? In the Wireshark GUI I know how (telephony -> rtp -> show all stream -> analyze -> save payload). The question is how can I do this in cmd?
That's really a new question which, coincidentally, is the same as this one.
Not the same, but OK :). But no answer there :(
OK, sorry, sounded the same to me. Anyway, I think there's no answer because it's not possible--but I don't work with RTP.
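An added example, not part of the original thread and not Wireshark code: the payload concatenation described in the second answer, which is also what the follow-up comment asks for, done in Python on UDP payloads that have already been pulled out of the capture. It parses each RTP header (RFC 3550), keeps only the chosen SSRC and the G.729 payload type so DTMF telephone-event packets are left out, and joins the payloads in sequence order. The function names, the sample bytes and payload type 101 for telephone-event are assumptions; SSRC 0x9B0 is the one from the command in the comment above.

```python
import struct

G729_PT = 18  # static RTP payload type for G.729 (RFC 3551)

def parse_rtp(datagram):
    """Parse one UDP payload as RTP v2 (RFC 3550); return None if it does not fit."""
    if len(datagram) < 12:
        return None
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", datagram[:12])
    if b0 >> 6 != 2:                      # version field must be 2
        return None
    offset = 12 + 4 * (b0 & 0x0F)         # skip the CSRC list
    if b0 & 0x10:                         # header extension present
        if len(datagram) < offset + 4:
            return None
        (ext_words,) = struct.unpack("!H", datagram[offset + 2:offset + 4])
        offset += 4 + 4 * ext_words
    end = len(datagram)
    if b0 & 0x20 and end > offset:        # padding: last byte is the pad length
        end -= datagram[-1]
    if end < offset:
        return None
    return {"pt": b1 & 0x7F, "seq": seq, "ts": ts, "ssrc": ssrc,
            "payload": datagram[offset:end]}

def extract_payload(datagrams, ssrc, pt=G729_PT):
    """Concatenate the payloads of one stream, in sequence order, codec packets only.
    Sorting ignores 16-bit sequence wrap; a stream that wraps needs unwrapping first."""
    by_seq = {}
    for d in datagrams:
        pkt = parse_rtp(d)
        if pkt and pkt["ssrc"] == ssrc and pkt["pt"] == pt:
            by_seq.setdefault(pkt["seq"], pkt["payload"])  # keep first copy of duplicates
    return b"".join(by_seq[s] for s in sorted(by_seq))

def build(pt, seq, payload, ssrc=0x9B0):
    """Constructed sample packet: 12-byte header, no CSRC, extension or padding."""
    return struct.pack("!BBHII", 0x80, pt, seq, seq * 80, ssrc) + payload

# Constructed sample: three 10-byte G.729 frames out of order, one duplicate,
# a telephone-event packet (PT 101 is an assumed dynamic type), a foreign SSRC, and noise.
SAMPLE = [build(18, 1, b"A" * 10), build(18, 3, b"C" * 10), build(18, 2, b"B" * 10),
          build(18, 2, b"B" * 10), build(101, 4, b"\x05\x0a\x00\xa0"),
          build(18, 1, b"X" * 10, ssrc=0x1234), b"\x00\x01\x02"]

if __name__ == "__main__":
    raw = extract_payload(SAMPLE, ssrc=0x9B0)
    print(len(raw), "bytes of G.729 payload")
```

During DTX silence no codec packets are sent, so the concatenated output is shorter than the call's duration and carries no marker of where the gaps were.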