Extract RTP sequence numbers from RTP over QUIC
Hi all,
I am working on a project comparing RTP over QUIC with RTP over UDP and as part of the analysis, I need to extract RTP packets using tshark (version 3.6.1). For UDP this works fine and I get the following output:
27 0.458323526 10.0.0.3 → 10.0.0.1 RTP 66 PT=DynamicRTP-Type-96, SSRC=0x9291B292, Seq=19574, Time=232402115
28 0.458435984 10.0.0.3 → 10.0.0.1 RTP 59 PT=DynamicRTP-Type-96, SSRC=0x9291B292, Seq=19575, Time=232402115
29 0.458677981 10.0.0.3 → 10.0.0.1 RTP 1442 PT=DynamicRTP-Type-96, SSRC=0x9291B292, Seq=19576, Time=232402115
30 0.458696067 10.0.0.3 → 10.0.0.1 RTP 1442 PT=DynamicRTP-Type-96, SSRC=0x9291B292, Seq=19577, Time=232402115
31 0.458714425
This is exactly what I am looking for. However, for QUIC I am struggling to produce equivalent output. By providing the SSL keys I am able to decrypt the QUIC packets and view the stream data but I have been unable to decode this data as RTP packets. As a last resort, I am considering passing -O quic to tshark and extracting the first 4 bytes from the stream data for each packet In order to identify the RTP sequence number but I feel that there must be a better way.
Unfortunately, I am unable to upload the pcap files I am working with due to my account being new. Does anyone know how I would extract the RTP sequence numbers from a pcap of a QUIC transmission?
Put the file(s) you would like to share on a public file share - Dropbox, Google, Microsoft, ... - then update your question with a link to them.
Could you verify that the data should be in the 'stream data'? The stream date is like TCP over QUIC. I guess you have to look for the DG (Datagram) in the trace, which is the equivalent to UDP over QUIC.