Hi all,
I am working on a project comparing RTP over QUIC with RTP over UDP and as part of the analysis, I need to extract RTP packets using tshark (version 3.6.1). For UDP this works fine and I get the following output:
27 0.458323526 10.0.0.3 → 10.0.0.1 RTP 66 PT=DynamicRTP-Type-96, SSRC=0x9291B292, Seq=19574, Time=232402115 28 0.458435984
10.0.0.3 → 10.0.0.1 RTP 59 PT=DynamicRTP-Type-96, SSRC=0x9291B292, Seq=19575, Time=232402115 29 0.458677981
10.0.0.3 → 10.0.0.1 RTP 1442 PT=DynamicRTP-Type-96, SSRC=0x9291B292, Seq=19576, Time=232402115 30 0.458696067
10.0.0.3 → 10.0.0.1 RTP 1442 PT=DynamicRTP-Type-96, SSRC=0x9291B292, Seq=19577, Time=232402115 31 0.458714425
This is exactly what I am looking for. However, for QUIC I am struggling to produce equivalent output. By providing the SSL keys I am able to decrypt the QUIC packets and view the stream data but I have been unable to decode this data as RTP packets. As a last resort, I am considering passing -O quic to tshark and extracting the first 4 bytes from the stream data for each packet In order to identify the RTP sequence number but I feel that there must be a better way.
Unfortunately, I am unable to upload the pcap files I am working with due to my account being new. Does anyone know how I would extract the RTP sequence numbers from a pcap of a QUIC transmission?
