Ethereal-users: Re: [Ethereal-users] VoIP's conversation saved in a file

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: José Luis Gómez <jlgomez@xxxxxxxxxx>
Date: Tue, 13 Dec 2005 09:06:26 +0100
Hello,
if it's G.711 and you cannot decode it, perhaps it contains Annex II silence suppression frames (they have only a few bytes of payload according to RFC3389). You will have to set a filter to get rid of those silence frames. I would use only the Ethereal to do this and save into an AU file, rather than using the script mentioned below. If you just take the payload out from the G.711 RTP frames, do not forget it's not linear PCM but A or mu-law encoded when you import it from some audio software. Perhaps if you manage to accomplish this with Ethereal, you will manage later to do it with command line utilities and extract the audio from it with the script.

Best regards
Jose

DAIGLE, ANDREW PAUL wrote:

I haven't used rtp_dump.pl, so I can only offer the following suggestions:

First, you need to verify that you really are capturing the packets you
think you are. This may require copying the dump.pcap file to another
machine and opening it up in Ethereal. For rtp_dump to work properly, your
capture file must contain only RTP packets and nothing else.

The rtp_dump.pl Wiki page says to isolate the unidirectional RTP packets, so
it sounds like you can't extract both sides of the conversation at the same
time. If you intend to capture both sides, you will have to do some further
filtering to separate the individual streams in the dump.pcap file before
running rtp_dump.

Next, it appears that the script is simply dropping the first 54 bytes of
each packet, regardless of what they actually contain. If you have any IP
options or 802.1q VLAN headers, this could leave some header bytes in the
RTP stream, thereby corrupting it.

Finally, the resulting file from the script will still only be a raw dump
file of the RTP stream and will need yet another program to convert it into
a playable audio file.

The Wiki page says that rtp_dump.pl is just a quick and simple example that
needs a lot of work. I would use tethereal to capture the RTP data, but I
would recommend copying the dump.pcap file to a machine that can run the
Ethereal GUI and use that to convert the RTP streams into playable audio
files.

That's about all the help I can offer.

Andrew


-----Original Message-----
From: Leo Zicovich [mailto:leozicovich@xxxxxxxxxxx]
Sent: Friday, December 09, 2005 6:13 AM
To: ethereal-users@xxxxxxxxxxxx
Subject: [Ethereal-users] VoIP's conversation saved in a file


yes, it is using G.711.

----------------------------


My guess is that your voice codec is not G.711. From what I understand,
rtp_dump will not work with other codecs. Can you find out which codec your
VoIP phones are using? Probably G.729.

Andrew

-----Original Message-----
From: Leo Zicovich [mailto:leozicovich@xxxxxxxxxxx]
Sent: Monday, December 05, 2005 12:13 PM
To: ethereal-users@xxxxxxxxxxxx
Subject: RE: [Ethereal-users] VoIP's conversation saved in a file

Hello Andrew, thanks for your answer.

What I am trying to do is:

[root@ivr01 tmp]# tethereal udp -i eth0 -n -l -w dump.pcap -F libpcap and host 172.16.12.20 and not port snmp and host not 172.16.12.4

and after that use rtp_dump.pl to decode dump.pcap
file but it does not work.

also I have tried with "-d udp.port==19558,rtp" but it
does not work.

Another important problem I have found today:
I am using a Cisco gw in my network with an IVR: CISCO-GW1 --> IVR --> CISCO-GW2,
and I am using that tethereal command line on the IVR, but I get only the
UDP packets for the first connection (CISCO-GW1 --> IVR), so as soon as the
transfer is done (IVR --> CISCO-GW2) and the communication is established,
nothing is captured. Is it clear enough? I hope so.

Does anyone know why this is happening?
Many thanks in advance

ciao,

Leonardo


   * Subject: RE: [Ethereal-users] VoIP's conversation saved in a file
   * From: "DAIGLE, ANDREW PAUL" <ADAIG90@xxxxxxxxxxx>
   * Date: Fri, 2 Dec 2005 09:43:33 -0600

Capture your VoIP traffic, then make sure the voice
streams are being decoded as "RTP". In other words, if
the RTP traffic is on a non-standard port and all you
see are UDP packets, you need to right-click on one of
the packets and select "Decode As..." and choose RTP
from the list.

Highlight a packet in the voice stream you want to
save and select Statistics -> RTP -> Stream Analysis
In the RTP Stream Analysis window select "Save
payload". Choose the location you want to save the
file, select the .au format, change the channels to
"both", give the file a name (voip_stream.au) and
click Ok. The .au file can then be played back in a
media player.

Caveat: This really only works if the voice stream is
encoded using the G.711 PCMU or PCMA codecs. Also, I
don't think this can be done from a command line.

Andrew


-----Original Message-----
From: Leo Zicovich [mailto:leozicovich@xxxxxxxxxxx]
Sent: Friday, December 02, 2005 4:51 AM
To: ethereal-users@xxxxxxxxxxxx
Subject: [Ethereal-users] VoIP's conversation saved in a file

Hello everyone,

I have some questions using Ethereal in a VoIP
environment. Basically, I need to know how to have a VoIP
conversation saved in a file to be played later. On a
Linux command line (important).
Or any link where to get some examples.

Any help would be appreciated.
Thanks in advance

Sincerely,

Leonardo


		

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users

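Added example, not part of the original thread and not the rtp_dump.pl script: a Python sketch of the extraction the replies describe. It computes the real header lengths (802.1Q tags, IP options, RTP CSRC/extension) instead of dropping a fixed 54 bytes, keeps one SSRC, drops RFC 3389 comfort-noise packets (payload type 13), and writes a mu-law/A-law AU header. It assumes a classic libpcap file with Ethernet link type and unfragmented IPv4; all function names and the sample frames are hypothetical.

```python
import struct

AU_ENCODING = {0: 1, 8: 27}  # RTP PT 0 (PCMU) -> AU mu-law, PT 8 (PCMA) -> AU A-law

def rtp_fields(frame):
    """Return (ssrc, payload_type, payload) for Ethernet/IPv4/UDP/RTP, else None."""
    off = 12
    while frame[off:off + 2] in (b"\x81\x00", b"\x88\xa8"):  # skip 802.1Q VLAN tags
        off += 4
    if frame[off:off + 2] != b"\x08\x00" or frame[off + 11] != 17:  # IPv4 carrying UDP
        return None
    ip = off + 2
    ihl = (frame[ip] & 0x0F) * 4                    # header length, IP options included
    end = ip + struct.unpack_from("!H", frame, ip + 2)[0]   # excludes Ethernet padding
    rtp = frame[ip + ihl + 8:end]                   # 8 = UDP header
    if len(rtp) < 12 or rtp[0] >> 6 != 2:           # RTP version 2 only
        return None
    hdr = 12 + 4 * (rtp[0] & 0x0F)                  # fixed header + CSRC list
    if rtp[0] & 0x10:                               # header extension present
        hdr += 4 + 4 * struct.unpack_from("!H", rtp, hdr + 2)[0]
    pad = rtp[-1] if rtp[0] & 0x20 else 0           # padding bit set
    return struct.unpack_from("!I", rtp, 8)[0], rtp[1] & 0x7F, rtp[hdr:len(rtp) - pad]

def g711_to_au(pcap, ssrc=None):
    """AU file bytes for one G.711 stream (first SSRC seen unless one is given)."""
    e = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}[pcap[:4]]  # KeyError: not libpcap
    audio, enc, pos = b"", None, 24
    while pos + 16 <= len(pcap):
        n = struct.unpack_from(e + "I", pcap, pos + 8)[0]    # captured length
        frame, pos = pcap[pos + 16:pos + 16 + n], pos + 16 + n
        try:
            s, pt, payload = rtp_fields(frame)
        except (TypeError, struct.error, IndexError):  # not RTP, or truncated
            continue
        # keeps one SSRC and one codec; comfort noise (PT 13) is not in AU_ENCODING
        if pt in AU_ENCODING and ssrc in (None, s) and enc in (None, AU_ENCODING[pt]):
            ssrc, enc, audio = s, AU_ENCODING[pt], audio + payload
    return struct.pack("!4s5I", b".snd", 24, len(audio), enc or 1, 8000, 1) + audio

# Constructed test input below (not captured traffic).
def sample_frame(pt, seq, payload, ssrc=0x1234, vlan=False, opts=b""):
    rtp = struct.pack("!BBHII", 0x80, pt, seq, seq * 160, ssrc) + payload
    udp = struct.pack("!4H", 19558, 19558, 8 + len(rtp), 0) + rtp
    ip = struct.pack("!BBH5xB10x", 0x45 + len(opts) // 4, 0, 20 + len(opts) + len(udp), 17)
    return bytes(12) + (b"\x81\x00\x00\x05" if vlan else b"") + b"\x08\x00" + ip + opts + udp

def sample_pcap(frames):
    records = b"".join(struct.pack("<4I", 0, 0, len(f), len(f)) + f for f in frames)
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + records
```

Packets are concatenated in capture order, so reordered or lost packets are not repaired; the six 32-bit AU header words are magic, data offset, data size, encoding, sample rate and channel count.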