This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Extract RTP payload from capture file using tshark

0

I have a valid capture in pcap-ng format(version 1.0) using tshark command like this:

tshark -i wlp2s0 -n -f "host 192.168.10.48 and udp port 9078" -w capture_tshark_1.pcapng

I want to extract RTP payload in binary format and store it in a file and be reproducible.

I tried this to extract binary data in ASCII format:

tshark -nr capture_tshark_1.pcapng -T fields -e rtp.payload > captura_tshark_1_ascii_data

But it produces empty output. I guess it fails because RTP packets are not detected as RTP streams, because if I open the original capture (capture_tshark_1.pcapng) with Wireshark this is what I see:

Wireshark screenshot UDP

It seems that the packets are detected as UDP, not as RTP. So I guess there is no such "rtp.payload" fields to be parsed.

If this works I have a method to transform ASCII data to binary format.

So, again, how can I extract RTP payload in binary format from a capture file?

asked 28 Feb '17, 03:03

logoff's gravatar image

logoff
6112
accept rate: 0%

edited 28 Feb '17, 04:37

grahamb's gravatar image

grahamb ♦
19.8k330206

One Answer:

0

Check Analyze|Enabled Protocols|RTP|rtp_udp

answered 28 Feb '17, 04:05

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

I'm using tshark, not Wireshark.

(28 Feb '17, 05:46) logoff