Wireshark-users: Re: [Wireshark-users] VOIP .raw problem: Can't save forward direction in a file:

From: nangergong <nangergong@xxxxxxxxx>
Date: Mon, 21 Feb 2011 20:05:11 +0000
Thank you!

So, are there any methods by which I can capture VOIP packets using "tcpdump" and convert .pcap files into .raw files?
I can only capture VOIP stream via a remote command line window.



On Mon, Feb 21, 2011 at 7:49 PM, Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:
Hi,

When taking this capture with tcpdump a snap length was applied, so that not all of the RTP payload was saved in the capture file. With data missing the RTP payload stream cannot be restored.

Thanks,
Jaap


On 02/20/2011 10:41 PM, nangergong wrote:
Hi, all

I used tcpdump to capture VOIP traffic on a Linux platform. The captured data are in .pcap format.

And then I opened the .pcap using Wireshark.

I've configured the preference->protocol->SSL->RSA keylist, so if I used Wireshark for capturing VOIP traffic, the Wireshark GUI will show the RTP format and RTCP packets. But if I open the .pcap files which are captured by tcpdump, I need to manually decode those UDP packets as RTP packets.

After decoding UDP->RTP and RTCP, I used VOIP->RTP->RTP Stream Analysis to extract .raw from these packets. However, when I want to save these .raw files, Wireshark prompts:

Can't save forward direction in a file: Wrong length of captured packets!

Does anyone know how to tackle this problem? Thank you!


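Added example, not part of the original thread and not Wireshark code: a Python check for the condition described in the reply above, where a snap length leaves each stored record shorter than the packet seen on the wire. It reads a classic pcap file (pcapng is not handled); the function names and the sample bytes (snap length 68, a 214-byte frame) are constructed for illustration.

```python
import struct

def build_sample_pcap(snaplen=68, payload_len=172):
    """Constructed sample: one classic-pcap record cut off at snaplen."""
    # Zeroed Ethernet + IPv4 + UDP headers followed by an RTP-sized payload.
    frame = bytes(14 + 20 + 8 + payload_len)
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype.
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    kept = frame[:snaplen]
    # Record header: ts_sec, ts_frac, captured length, original length.
    rhdr = struct.pack("<IIII", 0, 0, len(kept), len(frame))
    return ghdr + rhdr + kept

def check_truncation(data):
    """Return (snaplen, total_packets, truncated_packets) for a classic pcap."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = data[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"   # little-endian, microsecond or nanosecond timestamps
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"   # big-endian variants
    else:
        raise ValueError("not a classic pcap file")
    snaplen = struct.unpack(endian + "I", data[16:20])[0]
    total = truncated = 0
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII",
                                                 data[off:off + 16])
        total += 1
        if incl_len < orig_len:   # bytes were dropped at capture time
            truncated += 1
        off += 16 + incl_len
    return snaplen, total, truncated

if __name__ == "__main__":
    snaplen, total, truncated = check_truncation(build_sample_pcap())
    print(f"snaplen={snaplen} packets={total} truncated={truncated}")
```

A capture taken with `tcpdump -s 0 -w <file>` stores full packets rather than a truncated prefix of each one.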