I am trying to solve one problem.
I have one capture stream taken with tshark. In this file there are many VoIP calls (SIP/RTP/G729).
In the Wireshark GUI I can do what I can, but when I try to filter some call from cmd there is a big problem.
When I use this:
I get right (SIP, UDP, TCP etc...) load in
I get all load in call.raw as UDP. I need to get RTP.
I use TShark 1.6.1 on GNU/Linux CentOS 6. Please, does anyone have a suggestion?
Your filter probably excluded the call-setup packets from the trace file which Wireshark uses to know when to dissect UDP as RTP. Try setting the RTP preference "Try to decode RTP outside of conversations".
answered 04 Aug '11, 05:53
You can concatenate raw payloads and put them in a file. Note that this will not work all the time, for example if your RTP flow contains RFC 2833/4733 DTMF or DTX packets. With the RTP preference "Try to decode RTP outside of conversations" enabled, use this:
You will see hexadecimal payloads. This output can then be converted to raw bytes using:
answered 20 Nov '11, 09:03
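Added example, not part of either answer above: one way to turn hexadecimal payload output into a raw G.729 file while handling the DTMF and DTX caveat. It assumes tab-separated rows of `rtp.p_type` and `rtp.payload` from tshark's field output; the function name, the sample rows and payload type 101 for telephone-event are constructed for illustration.

```python
import sys

G729_PT = 18        # static RTP payload type for G.729 (RFC 3551)
FRAME, SID = 10, 2  # G.729 speech frame and Annex B SID (DTX) frame sizes, bytes

def _hex(n, sep=":"):
    # n constructed bytes 00, 01, ... rendered as hex text
    return sep.join(f"{b:02x}" for b in range(n))

# Constructed sample rows: "<rtp.p_type>\t<rtp.payload>"
SAMPLE = [
    "18\t" + _hex(20),      # two speech frames, colon-separated hex
    "18\t" + _hex(10, ""),  # one speech frame, plain hex
    "101\t00:0a:00:a0",     # telephone-event (DTMF) on a dynamic payload type
    "18\t" + _hex(12),      # one speech frame followed by a SID frame
    "18\t" + _hex(2),       # SID frame only (silence)
    "18\tzz",               # damaged row
]

def extract_g729(lines, pt=G729_PT):
    """Return (raw speech bytes, counts of what was left out)."""
    audio = bytearray()
    skipped = {"other_pt": 0, "sid": 0, "malformed": 0}
    for line in lines:
        parts = line.strip().split("\t")
        try:
            p_type = int(parts[0])
            payload = bytes.fromhex(parts[1].replace(":", ""))
        except (ValueError, IndexError):
            skipped["malformed"] += 1
            continue
        if p_type != pt:               # DTMF events, comfort noise, other codecs
            skipped["other_pt"] += 1
            continue
        rem = len(payload) % FRAME
        if rem == SID:                 # trailing SID: dropped so the output stays
            skipped["sid"] += 1        # 10-byte frames; silence duration is lost
        elif rem:
            skipped["malformed"] += 1
            continue
        audio += payload[:len(payload) - rem]
    return bytes(audio), skipped

if __name__ == "__main__":
    # With two arguments: read rows from argv[1], write raw audio to argv[2].
    rows = open(sys.argv[1]) if len(sys.argv) == 3 else SAMPLE
    raw, stats = extract_g729(rows)
    if len(sys.argv) == 3:
        open(sys.argv[2], "wb").write(raw)
    print(len(raw), "bytes of speech;", stats)
```

Non-zero `other_pt` or `sid` counts mean the resulting file is shorter than the real call, so playback timing will not match the capture.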