This is our old Q&A Site. Please post any new questions and answers at

I have a valid capture in pcap-ng format(version 1.0) using tshark command like this:

tshark -i wlp2s0 -n -f "host and udp port 9078" -w capture_tshark_1.pcapng

I want to extract RTP payload in binary format and store it in a file and be reproducible.

I tried this to extract binary data in ASCII format:

tshark -nr capture_tshark_1.pcapng -T fields -e rtp.payload > captura_tshark_1_ascii_data

But it produces empty output. I guess it fails because RTP packets are not detected as RTP streams, because if I open the original capture (capture_tshark_1.pcapng) with Wireshark this is what I see:

Wireshark screenshot UDP

It seems that the packets are detected as UDP, not as RTP. So I guess there is no such "rtp.payload" fields to be parsed.

If this works I have a method to transform ASCII data to binary format.

So, again, how can I extract RTP payload in binary format from a capture file?

asked 28 Feb '17, 03:03

logoff's gravatar image

accept rate: 0%

edited 28 Feb '17, 04:37

grahamb's gravatar image

grahamb ♦

Check Analyze|Enabled Protocols|RTP|rtp_udp

permanent link

answered 28 Feb '17, 04:05

Jaap's gravatar image

Jaap ♦
accept rate: 14%

I'm using tshark, not Wireshark.

(28 Feb '17, 05:46) logoff
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 28 Feb '17, 03:03

question was seen: 3,459 times

last updated: 28 Feb '17, 05:46

p​o​w​e​r​e​d by O​S​Q​A