<When you save an rtpdump file,
what is the format the file is saved in?
<Does it preserve all the headers
(mac, ip, udp, etc) or is it just the rtp information?
The rtpumpfile format in
Ethereal should (at least more or less) correspond to the binary file
format used
by the rtpdump/rtpplay program
(rtptools).
http://www.cs.columbia.edu/IRT/software/rtptools/
You will also find a
description of the fileformat on that page
(but it may cause some
confusion regarding padding/byte order)
I think that the
description/sourcecode in the Ethereal source code
(file:epan/rtp_stream.c) may be a
better source of information:
http://anonsvn.ethereal.com/viewcvs/viewcvs.py/trunk/gtk/rtp_stream.c?view=auto
The ethernet/ip/udp headers are not
stored in the rtpdump file,
but rtp-header and rtp-payload is
stored for each RTP packet
in the stream (and some other
information). There is also a file
header in the beginning of the
file.
When making a program that wants
to use the RTP payload data it is
quite nice to not have to care about
the various variants of protocols that can
be used on lower layers
(possible VLAN-headers, IPv6 or IPv4, EthernetII or ....).
Ethereal is very good on
handling various protocols and file formats (snoop, NAI Sniffer, libpcap,
...).
That is the main reason why
I want to use Ethereal instead of my
old homemade program
to extract rtp-stream
data.
If you want to store the complete
packets including ethernet/ip/udp headers
you can save the stream in e.g.
libpcap format instead.
One way of doing that is to select a
stream in the "RTP Streams" dialogue and press the "Set filter"
button
and the use the "Apply" button in the
filter toolbar to do the filtering.
After that you can use "File/Save
As..." and save the "Displayed" packets.
