Wireshark-users: Re: [Wireshark-users] RTP statistics via command line

From: Sake Blok <sake@xxxxxxxxxx>
Date: Sun, 11 Jan 2009 09:42:09 +0100
On Sat, Jan 10, 2009 at 11:45:09PM +0000, MKS wrote:
> 
> I was wondering if it's possible todo the following via command line
> 
> 1) load capture file

tshark -r <file> ...


> 2) decode as RTP

tshark should find the same rtp streams as Wireshark does, but if they
don't find all the streams, you might want to look for rtp in every
stream with:

... -o rtp.heuristic_rtp:TRUE ...

>From the preferences file:
# If call control SIP/H323/RTSP/.. messages are missing in the trace,
# RTP isn't decoded without this
# TRUE or FALSE (case-insensitive).
rtp.heuristic_rtp: FALSE


> 3) run RTP statistics

... -qz rtp,streams ...

>From the tshark manpage:
-z rtp,streams
    Collect statistics for all RTP streams and calculate max. delta,
    max. and mean jitter and packet loss percentages.

The extra 'q' is to make tshark only dump the statistics, not the packet
list.


> 4) save statistics info into file.

... > rtp-stats.txt


Putting it all together on the example trace from the wiki
(http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=rtp_example.raw.gz):

$ tshark -r rtp_example.raw.gz -o rtp.heuristic_rtp:TRUE -qz rtp,streams
========================= RTP Streams ========================
    Src IP addr  Port    Dest IP addr  Port       SSRC          Payload Pkts         Lost   Max Delta(ms)  Max Jitter(ms) Mean Jitter(ms) Problems?
     10.1.3.143  5000       10.1.6.18  2006 0xDEE0EE8F ITU-T G.711 PCMA 236     0 (0.0%)           34.83            0.83 0.37
      10.1.6.18  2006      10.1.3.143  5000 0xF3CB2001 ITU-T G.711 PCMA 229     1 (0.4%)           86.12            7.34 2.84 X
==============================================================

sablo@BLOK /cygdrive/c/temp
$

Is this what you are looking for?

Cheers,
    Sake