Hi,
When taking this capture with tcpdump a snap length was applied, so that not all 
of the RTP payload was saved in the capture file. With data missing the RTP 
payload stream cannot be restored.
Thanks,
Jaap
On 02/20/2011 10:41 PM, nangergong wrote:
hi, all
   I used tcpdump to capture VOIP traffic on the Linux platform. The
captured data are in .pcap format.
   And then I opened the .pcap using Wireshark.
   I've configured the preference->protocol->SSL->RSA keylist, so if I
used Wireshark for capturing VOIP traffic, the Wireshark GUI will show
the RTP format and RTCP packets. But if I open the .pcap files which are
captured by tcpdump, I need to manually decode those UDP packets as RTP
packets.
   After decoding UDP->RTP and RTCP, I used VOIP->RTP->RTP Stream
Analysis to extract .raw from these packets. However, when I want to
save these .raw files, Wireshark prompts:
Can't save forward direction in a file: Wrong length of captured packets!
   Does anyone know how to tackle this problem? Thank you!
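Added example, not part of either message in this thread: a check for the condition Jaap describes, which reads the per-packet record headers of a classic pcap file and lists every packet whose captured length is shorter than its length on the wire. The function names and the sample capture (zero-filled frames of 214 and 70 bytes, snap length 96) are constructed for illustration.

```python
import io
import struct

# Classic pcap magic numbers (microsecond and nanosecond timestamp variants).
MAGICS = {0xA1B2C3D4, 0xA1B23C4D}

def find_truncated(stream):
    """Return (snaplen, [(index, captured_len, wire_len), ...]) for cut-off packets."""
    header = stream.read(24)
    if len(header) < 24:
        raise ValueError("not a pcap file: global header too short")
    # The magic number tells us which byte order the writer used.
    for endian in ("<", ">"):
        magic, _maj, _min, _zone, _sig, snaplen, _link = struct.unpack(
            endian + "IHHiIII", header)
        if magic in MAGICS:
            break
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    truncated, index = [], 0
    while True:
        rec = stream.read(16)
        if len(rec) < 16:
            break  # end of file, or a partial trailing record
        _sec, _frac, incl_len, orig_len = struct.unpack(endian + "IIII", rec)
        index += 1
        stream.seek(incl_len, io.SEEK_CUR)  # skip the bytes that were stored
        if incl_len < orig_len:
            truncated.append((index, incl_len, orig_len))
    return snaplen, truncated

def build_sample(snaplen=96):
    """Constructed capture: one 214-byte frame (RTP-sized) and one 70-byte frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for wire_len in (214, 70):
        stored = min(wire_len, snaplen)
        out += struct.pack("<IIII", 0, 0, stored, wire_len) + bytes(stored)
    return io.BytesIO(out)

if __name__ == "__main__":
    snaplen, cut = find_truncated(build_sample())
    print(f"snaplen={snaplen}")
    for idx, got, want in cut:
        print(f"packet {idx}: {got} of {want} bytes captured")
```

To check a real capture, pass `open("capture.pcap", "rb")` (a placeholder file name) to `find_truncated`. Taking the capture again with `tcpdump -s 0` stores the packets in full.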