How to separate RTP packets from the rest

I have a pcap file with a VoIP conversation. How can I separate RTP packets from other packets?

I can receive SIP packets, but I cannot distinguish RTP packets from the rest.

+4
4 answers

Locate the RTP headers defined in RFC 3550 in your file. Or, better, use a pcap filter; see, for example, this wiki (look for "Q: What is a good filter for simple capture of SIP and RTP packets?").

+1

If you want to see RTP traffic in Wireshark, then:

  • Choose Analyze -> Display Filters...
  • Select "UDP", OK
  • Right-click on any UDP packet and select "Decode as ..."
  • Select "RTP" from the list, OK
  • Now you can see all the RTP packets.

Hope this helps. :)

P.S. Note that this is for Wireshark. Thanks to the commenter for pointing this out!

+1

Check out @macs's recommendation regarding the pcap filter. If this does not meet your needs (for example, you need to filter RTP packets for a specific SIP session), there is no easy way. You need to parse the SIP messages, get the RTP port numbers, collect the packets going to / from these ports in a certain period of time, and (optionally) check whether these are RTP packets by checking their headers (the magic number in the headers).

+1

Open source software that extracts RTP / RTCP packets from a pcap file:

From the source code, you can view and understand the methodologies used.

I can receive SIP packets, but I cannot distinguish RTP packets from the rest.

If you can decode SIP, you can find (inside the INVITE message) the SDP message. If you decode it, you can find the IP and port of the RTP "stream" (and RTCP => port + 1). Using this information, you can uniquely identify RTP and RTCP packets. Keep in mind that there are often packets (with the same IP and port) carrying the STUN protocol, which must be separated from RTP. You must consider where the packet capture is located (network context and restrictions); you may need to consider NAT.

0
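
The procedure from the last two answers (read the media IP and port from the SDP, treat port + 1 as RTCP, set STUN aside, then check the header), as an added Python example that is not part of the original thread. It assumes the UDP datagrams have already been extracted from the pcap as (src, dst, payload) tuples; the function names, addresses and SIP messages are constructed for illustration, and the SDP is trimmed to the lines the parser reads.

```python
import struct

STUN_COOKIE = bytes.fromhex("2112a442")  # RFC 5389 magic cookie, bytes 4..7 of a STUN message

def sdp_rtp_endpoints(sip_message):
    """Return the (ip, port) pairs announced by the m= lines of the SDP body."""
    body = sip_message.split("\r\n\r\n", 1)[1]
    session_ip, media = None, []              # media: one [ip, port] per m= line
    for line in body.splitlines():
        if line.startswith("c=IN IP4 "):
            if media:
                media[-1][0] = line.split()[2]    # media-level c= overrides session-level
            else:
                session_ip = line.split()[2]
        elif line.startswith("m="):
            media.append([session_ip, int(line.split()[1])])
    return {(ip, port) for ip, port in media}

def classify(src, dst, payload, endpoints):
    """Label one UDP datagram as 'rtp', 'rtcp', 'stun' or 'other'."""
    if src in endpoints or dst in endpoints:
        kind, min_len = "rtp", 12             # fixed RTP header is 12 bytes
    elif any((ip, port - 1) in endpoints for ip, port in (src, dst)):
        kind, min_len = "rtcp", 8             # RTCP on RTP port + 1
    else:
        return "other"
    if len(payload) >= 20 and payload[0] < 4 and payload[4:8] == STUN_COOKIE:
        return "stun"                         # STUN sharing the media ip:port
    if len(payload) < min_len or payload[0] >> 6 != 2:
        return "other"                        # RTP/RTCP version field (RFC 3550) must be 2
    return kind

# Constructed sample data (not from a real capture): SDP offer/answer and four datagrams.
INVITE = ("INVITE sip:bob@example.com SIP/2.0\r\nContent-Type: application/sdp\r\n\r\n"
          "v=0\r\nc=IN IP4 192.0.2.10\r\nm=audio 40000 RTP/AVP 0\r\n")
OK_200 = ("SIP/2.0 200 OK\r\nContent-Type: application/sdp\r\n\r\n"
          "v=0\r\nm=audio 50000 RTP/AVP 0\r\nc=IN IP4 198.51.100.20\r\n")
ENDPOINTS = sdp_rtp_endpoints(INVITE) | sdp_rtp_endpoints(OK_200)
A, B = ("192.0.2.10", 40000), ("198.51.100.20", 50000)
DATAGRAMS = [
    (A, B, struct.pack("!BBHII", 0x80, 0, 1, 160, 0x1234) + bytes(160)),    # RTP
    ((A[0], 40001), (B[0], 50001), struct.pack("!BBHI", 0x80, 200, 6, 0x1234) + bytes(20)),  # RTCP
    (A, B, struct.pack("!HH", 0x0001, 0) + STUN_COOKIE + bytes(12)),        # STUN binding request
    ((A[0], 5353), ("192.0.2.53", 53), bytes(30)),                          # unrelated UDP
]

def classify_all(datagrams=DATAGRAMS, endpoints=ENDPOINTS):
    return [classify(s, d, p, endpoints) for s, d, p in datagrams]

print(classify_all())
```

If the capture point sits behind NAT, the addresses in the SDP may not match the addresses on the wire, so the endpoint lookup would then have to match on port alone.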

Source: https://habr.com/ru/post/1385886/

