Ethereal-users: RE: [Ethereal-users] VoIP?s conversation saved in a file
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: "DAIGLE, ANDREW PAUL" <ADAIG90@xxxxxxxxxxx>
Date: Mon, 12 Dec 2005 11:32:57 -0600
I haven't used rtp_dump.pl, so I can only offer the following suggestions: First, you need to verify that you really are capturing the packets you think you are. This may require copying the dump.pcap file to another machine and opening it up in Ethereal. For rtp_dump to work properly, your capture file must contain only RTP packets and nothing else. The rtp_dump.pl Wiki page says to isolate the unidirectional RTP packets, so its sounds like you can't extract both sides of the conversation at the same time. If you intend to capture both sides, you will have to do some further filtering to separate the individual streams in the dump.pcap file before running rtp_dump. Next, it appears that the script is simply dropping the first 54 bytes of each packet, regardless of what they actually contain. If you have any IP options or 802.1q VLAN headers, this could leave some header bytes in the RTP stream, thereby corrupting it. Finally, the resulting file from the script will still only be a raw dump file of the RTP stream and will need yet another program to convert it into a playable audio file. The Wiki page says that rtp_dump.pl is just a quick and simple example that needs a lot of work. I would use tethereal to capture the RTP data, but I would recommend copying the dump.pcap file to a machine that can run the Ethereal GUI and use that to convert the RTP streams into playable audio files. That's about all the help I can offer. Andrew -----Original Message----- From: Leo Zicovich [mailto:leozicovich@xxxxxxxxxxx] Sent: Friday, December 09, 2005 6:13 AM To: ethereal-users@xxxxxxxxxxxx Subject: [Ethereal-users] VoIP?s conversation saved in a file yes, it is using G.711. ---------------------------- My guess is that your voice codec is not G.711. From what I understand, rtp_dump will not work with other codecs. Can you find out which codec your VoIP phones are using? Probably G.729. Andrew -----Original Message----- From: Leo Zicovich [mailto:leozicovich@xxxxxxxxxxx] Sent: Monday, December 05, 2005 12:13 PM To: ethereal-users@xxxxxxxxxxxx Subject: RE: [Ethereal-users] VoIP?s conversation saved in a file Hello Andrew, Thank for your answer. What I am trying to do is: [root@ivr01 tmp]# tethereal udp -i eth0 -n -l -w dump.pcap -F libpcap and host 172.16.12.20 and not port snmp and host not 172.16.12.4 and after that use rtp_dump.pl to decode dump.pcap file but it does not work. also I have tried with "-d udp.port==19558,rtp" but it does not work. Other important problem I have found today: I am using a cisco gw in my network with an IVR: CISCO-GW1 --> IVR --> CISCO-GW2, and I am using that tethereal comman line on the IVR, but I get only the udp packet's for the first connection (CISCO-GW1 --> IVR), so as soon the transfer is done (IVR --> CISCO-GW2) and the communications established, nothing is captured. Is it enough clear? I hope so. Anyone know why is it happening? Many thank in advance ciao, Leonardo * Subject: RE: [Ethereal-users] VoIP?s conversation saved in a file * From: "DAIGLE, ANDREW PAUL" <ADAIG90@xxxxxxxxxxx> * Date: Fri, 2 Dec 2005 09:43:33 -0600 Capture your VoIP traffic, then make sure the voice streams are being decoded as "RTP". In other words, if the RTP traffic is on a non-standard port and all you see are UDP packets, you need to right-click on one of the packets and select "Decode As..." and choose RTP from the list. Highlight a packet in the voice stream you want to save and select Statistics -> RTP -> Stream Analysis In the RTP Stream Analysis window select "Save payload". Choose the location you want to save the file, select the .au format, change the channels to "both", give the file a name (voip_stream.au) and click Ok. The .au file can then be played back in a media player. Caveat: This really only works if the voice stream is encoded using the G.711 PCMU or PCMA codecs. Also, I don't think this can be done from a command line. Andrew -----Original Message----- From: Leo Zicovich [mailto:leozicovich@xxxxxxxxxxx] Sent: Friday, December 02, 2005 4:51 AM To: ethereal-users@xxxxxxxxxxxx Subject: [Ethereal-users] VoIP?s conversation saved in a file Hello everyone, I have some question using Ethereal in VoIP environment. Basically, I need to know how to have VoIP's conversation saved in a file to be played later. On a linux line command (important). Or any link where to get some examples. Any help would be appreciated. Thank in advance Sincerely, Leonardo ___________________________________________________________ To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. http://uk.security.yahoo.com _______________________________________________ Ethereal-users mailing list Ethereal-users@xxxxxxxxxxxx http://www.ethereal.com/mailman/listinfo/ethereal-users
- Follow-Ups:
- Re: [Ethereal-users] VoIP?s conversation saved in a file
- From: José Luis Gómez
- Re: [Ethereal-users] VoIP?s conversation saved in a file
- Prev by Date: [Ethereal-users] How can I use Ethereal (0.10.13) to figure-out un-closed TCP connections
- Next by Date: [Ethereal-users] UNSTABLE string at the end of packet info
- Previous by thread: [Ethereal-users] VoIP?s conversation saved in a file
- Next by thread: Re: [Ethereal-users] VoIP?s conversation saved in a file
- Index(es):