Hey Guys,
i dont find a stable solution to convert recorded TURN Traffic with Wireshark to a RTP Stream to analyze it. Hope you can help me :)
If I have a tcp dump with a Turn Session, I have the following Problem:
RTP is encapsulated in TURN | https://tools.ietf.org/rfc/rfc5766.txt
11.4. The ChannelData Message The ChannelData message is used to carry application data between the client and the server. It has the following format: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Channel Number | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | / Application Data / / / | | | +-------------------------------+ | | +-------------------------------+The TURN Packte bring 4 bytes around the RTP Data and will be encoded as STUN packet
Use the "decode as" function does'nt help, because Wireshark then will interpret the TURN header as RTP header with it result in a wrong RTP Version. (RTP Version=1)
Is there any way to remove the enclosing 4bytes from the TURN header (without export manual search&replace) to decode the package as RTP?
The goal should be to see the RTP Header, and can work with the Stream in VoIP::RTP::RTP Stream
Thanks and best regards, Basti
