This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi everyone, I need to analyze a sequence of RTP packets, in order to try to listen to the payload and/or to convert it to wav. I understand that under Telephony -> RTP Wireshark permits analyzing inbound/outbound streams but, here is the problem, I've no stream, I only have a file with all RTP packets one after another (this is not a Wireshark dump).

Is there any way to try to analyze that file?

Thanks in advance to everyone.

asked 11 Jul '17, 00:32

iplaga

Is it a pcap file or at least something that Wireshark can open?

(11 Jul '17, 00:55) sindy

You need to convert the raw file with RTP packets into .pcap format, or another format compatible with Wireshark.

answered 11 Jul '17, 01:49

Nomad

A "stream" is just a logical view of a group of packets. So what you need is to sort the packets into "streams" according to some properties. For normal RTP recorded in the wild, grouping them by the SSRC field is the easiest way to go, but in some laboratory environments you may have to look at source & destination IP addresses and UDP ports as well because the SSRC values are not generated properly.

So once you have the file open in Wireshark, the first question is whether Wireshark dissects them as RTP or only as plain UDP. If as RTP, you can obtain a list of all RTP streams using Telephony -> RTP -> RTP Streams, then choose one of them for "Analyse stream" and from there either directly play it or save its contents into an .au file. Depending on the codec, this may be enough or not.

If Wireshark could not auto-detect that the UDP packets were RTP ones, you have to apply a display filter "udp and !rtp" and then randomly choose packets in the packet list, right-click them, choose "Decode as..." and mark them as RTP ones (both directions) until you have no packets left. Then you can remove the display filter and proceed as written above.

answered 11 Jul '17, 02:02


sindy
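
The grouping described in the answer above, as an added example that is not part of the original answers: parse the fixed RTP header of each UDP payload and bucket the packets by SSRC, optionally adding addresses and ports to the key. It assumes the UDP payloads and their addresses have already been extracted from the raw file; the function names and the sample datagrams are constructed for illustration.

```python
import struct
from collections import defaultdict

def parse_rtp(payload):
    """Parse the RTP fixed header (RFC 3550); return None if not plausible RTP."""
    if len(payload) < 12:
        return None
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", payload[:12])
    if b0 >> 6 != 2:                      # RTP version must be 2
        return None
    offset = 12 + 4 * (b0 & 0x0F)         # skip the CSRC list
    if b0 & 0x10:                         # header extension present
        if len(payload) < offset + 4:
            return None
        offset += 4 + 4 * struct.unpack("!H", payload[offset + 2:offset + 4])[0]
    end = len(payload)
    if offset > end:
        return None
    if b0 & 0x20:                         # padding: last octet holds the pad count
        pad = payload[-1]
        if pad == 0 or pad > end - offset:
            return None
        end -= pad
    return {"pt": b1 & 0x7F, "seq": seq, "ts": ts, "ssrc": ssrc,
            "media": payload[offset:end]}

def group_streams(datagrams, use_addresses=False):
    """Group (src, sport, dst, dport, payload) tuples into streams keyed by SSRC;
    use_addresses=True adds addresses and ports, for captures with unreliable SSRCs."""
    streams = defaultdict(list)
    for src, sport, dst, dport, payload in datagrams:
        hdr = parse_rtp(payload)
        if hdr is None:                   # not RTP: leave it out
            continue
        key = (hdr["ssrc"],) + ((src, sport, dst, dport) if use_addresses else ())
        streams[key].append(hdr)
    for pkts in streams.values():         # simple reorder; ignores 16-bit seq wraparound
        pkts.sort(key=lambda h: h["seq"])
    return dict(streams)

def make_rtp(ssrc, seq, media, pt=0):     # builds a constructed sample packet
    return struct.pack("!BBHII", 0x80, pt, seq, seq * 160, ssrc) + media
A, B = ("10.0.0.1", 4000), ("10.0.0.2", 5000)   # constructed endpoints
SAMPLE = [                                # constructed: both directions reuse one SSRC
    (*A, *B, make_rtp(0x1234, 2, b"B")),
    (*B, *A, make_rtp(0x1234, 1, b"x")),
    (*A, *B, make_rtp(0x1234, 1, b"A")),
    (*A, *B, b"\x00\x01 plain UDP, not RTP"),
]
```

With the sample data, grouping by SSRC alone merges both directions into one stream, while `use_addresses=True` separates them.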

question asked: 11 Jul '17, 00:32

question was seen: 7,641 times

last updated: 11 Jul '17, 02:02