Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Extract RTP sequence numbers from RTP over QUIC

Hi all,

I am working on a project comparing RTP over QUIC with RTP over UDP and as part of the analysis, I need to extract RTP packets using tshark (version 3.6.1). For UDP this works fine and I get the following output:

27 0.458323526 10.0.0.3 → 10.0.0.1 RTP 66 PT=DynamicRTP-Type-96, SSRC=0x9291B292, Seq=19574, Time=232402115 28 0.458435984
10.0.0.3 → 10.0.0.1 RTP 59 PT=DynamicRTP-Type-96, SSRC=0x9291B292, Seq=19575, Time=232402115 29 0.458677981
10.0.0.3 → 10.0.0.1 RTP 1442 PT=DynamicRTP-Type-96, SSRC=0x9291B292, Seq=19576, Time=232402115 30 0.458696067
10.0.0.3 → 10.0.0.1 RTP 1442 PT=DynamicRTP-Type-96, SSRC=0x9291B292, Seq=19577, Time=232402115 31 0.458714425

This is exactly what I am looking for. However, for QUIC I am struggling to produce equivalent output. By providing the SSL keys I am able to decrypt the QUIC packets and view the stream data but I have been unable to decode this data as RTP packets. As a last resort, I am considering passing -O quic to tshark and extracting the first 4 bytes from the stream data for each packet In order to identify the RTP sequence number but I feel that there must be a better way.

Unfortunately, I am unable to upload the pcap files I am working with due to my account being new. Does anyone know how I would extract the RTP sequence numbers from a pcap of a QUIC transmission?

Extract RTP sequence numbers from RTP over QUIC

Hi all,

I am working on a project comparing RTP over QUIC with RTP over UDP and as part of the analysis, I need to extract RTP packets using tshark (version 3.6.1). For UDP this works fine and I get the following output:

27 0.458323526     10.0.0.3 → 10.0.0.1
  10.0.0.3 → 10.0.0.1 RTP 66 PT=DynamicRTP-Type-96,
  SSRC=0x9291B292, Seq=19574,
  Time=232402115    PT=DynamicRTP-Type-96, SSRC=0x9291B292, Seq=19574, Time=232402115
28 0.458435984 
10.0.0.3 → 10.0.0.1
10.0.0.3 → 10.0.0.1 RTP 59 PT=DynamicRTP-Type-96, SSRC=0x9291B292, Seq=19575, Time=232402115 PT=DynamicRTP-Type-96, SSRC=0x9291B292, Seq=19575, Time=232402115 29 0.458677981
10.0.0.3 → 10.0.0.1
10.0.0.3 → 10.0.0.1 RTP 1442 PT=DynamicRTP-Type-96, SSRC=0x9291B292, Seq=19576, Time=232402115 PT=DynamicRTP-Type-96, SSRC=0x9291B292, Seq=19576, Time=232402115 30 0.458696067
10.0.0.3 → 10.0.0.1
10.0.0.3 → 10.0.0.1 RTP 1442 PT=DynamicRTP-Type-96, SSRC=0x9291B292, Seq=19577, Time=232402115 PT=DynamicRTP-Type-96, SSRC=0x9291B292, Seq=19577, Time=232402115 31 0.458714425

0.458714425

This is exactly what I am looking for. However, for QUIC I am struggling to produce equivalent output. By providing the SSL keys I am able to decrypt the QUIC packets and view the stream data but I have been unable to decode this data as RTP packets. As a last resort, I am considering passing -O quic to tshark and extracting the first 4 bytes from the stream data for each packet In order to identify the RTP sequence number but I feel that there must be a better way.

Unfortunately, I am unable to upload the pcap files I am working with due to my account being new. Does anyone know how I would extract the RTP sequence numbers from a pcap of a QUIC transmission? transmission?