On Mon, Jan 12, 2009 at 11:08:51AM +0000, MKS wrote:
> >> 2) decode as RTP
> >
> >tshark should find the same rtp streams as Wireshark does, but if they
> >don't find all the streams, you might want to look for rtp in every
> >stream with:
>
> >... -o rtp.heuristic_rtp:TRUE ...
>
> Well I tried that, the thing is that i'm trying to decode MPEG TS7/RTP
> stream and wireshark is unable to decode the UDP stream unless I do
> "decode as RTP. "
> rtp.heuristic_rtp doesn't do exactly that.
>
> All I get is blank stats
> ========================= RTP Streams ========================
> Src IP addr Port Dest IP addr Port SSRC
> Payload Pkts Lost Max Delta(ms) Max Jitter(ms) Mean
> Jitter(ms) Problems?
> ==============================================================
>
> Is there some other option that do "decode as RTP" on the command line?
Yes, you can use the -d option like this (performed on the trace in
the below mentioned bug report:
$ tshark -r Wireshark-1.0.4_MPEG-decode-bug_20081119.cap -d
udp.port==80,rtp | head -3
1 0.000000 10.199.0.54 -> 233.22.133.240 RTP PT=MPEG-II transport
streams, SSRC=0x0, Seq=18109, Time=3664199842
2 0.003923 10.199.0.54 -> 233.22.133.240 RTP PT=MPEG-II transport
streams, SSRC=0x0, Seq=18110, Time=3664200221
3 0.008133 10.199.0.54 -> 233.22.133.240 RTP PT=MPEG-II transport
streams, SSRC=0x0, Seq=18111, Time=3664200601
sablo@BLOK /cygdrive/c/temp
$
> Bytheway i'm using wireshark 1.02 on linux, since 1.04 and 1.05
> results in false negatives in the MPEG TS stream decode (but that's
> another bug;)
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3074
>
> >Is this what you are looking for?
>
> Close but not there yet
Getting closer I hope ;-)
Cheers,
Sake
