cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
150255
Views
57
Helpful
19
Replies

How to save RTP Streams from Wireshark and Play it using an application called Audacity

astanislaus
Level 2
Level 2

I use dto do this regularly a couple of years ago and used to know all the steps to get the RTP streams from Wireshark and then save that into a file and then play it using an application called Audacity.

I think the steps I used to do were:

1. In Wireshark - Setup a display filer   for   displaying   RTP only.

2. Then in Wireshark ----> Under  Statistics  -----> Show All Streams -----> Then Analyze ------> Then save Payload as "raw" or "au" can't remember - forward / reverse / both

3. Then play the saved file using Audacity.

Am I clear in stating what I need.

Now when I do the above I can't play the file with Audacity.

Audacity says:

Audacity did not recognise the type of the file. If it is uncompressed, try importing it using "Import Raw".

One has to keep using these to not forget the steps.

Any help much appreciated.

3 Accepted Solutions

Accepted Solutions

If the RTP stream uses G.711, you can use directly the wireshark audio player:

- in Wireshark - Telephony - Voip Calls

- select a call - then click on Player button

- click on Decode button

- select one or more stream and so click on Play

You can also use RTP analyze tool to save the audio in .au format and play it with Audacity.

If you prefer save the file in .raw format, you can open Audacity and import the file as raw and specify the A-Law codic for G.711A or u-Law coding for G.711u and so the sample frequency equal to 8000 Hz.

Regards.

View solution in original post

I'm agree with you, probably the codec used in the call is not G.711.

What is the signalling protocol used in the call? You can find the codec selected during call setup phase.

What is the codec showed from wireshark?

Regards.

View solution in original post

If you want save and reproduce an audio flow based on RTP G.729 call you can try this procedure:

- save the RTP G.729 Payload in .raw format using wireshark

- convert the .raw file to .pcm using the "open G.729 decoder", see the link http://www.voiceage.com/openinit_g729.php

syntax example:

va_g729_decoder.exe sample.raw sample.pcm.raw

or

wine va_g729_decoder.exe sample.raw sample.pcm.raw (for linux OS)

- import the new .raw file into Audacity using this options:

     - signed 16-bit pc

     - no endianness

     - 1 channel (mono)

     - start offset: 0

     - amount to import: 100%

     - sample rate: 8000

Regards.

View solution in original post

19 Replies 19

If the RTP stream uses G.711, you can use directly the wireshark audio player:

- in Wireshark - Telephony - Voip Calls

- select a call - then click on Player button

- click on Decode button

- select one or more stream and so click on Play

You can also use RTP analyze tool to save the audio in .au format and play it with Audacity.

If you prefer save the file in .raw format, you can open Audacity and import the file as raw and specify the A-Law codic for G.711A or u-Law coding for G.711u and so the sample frequency equal to 8000 Hz.

Regards.

Hi Daniele,

Great answer here +5 for sure!

Cheers!

Rob

"Show a little faith, there's magic in the night" - Springsteen

Thanks for your response.

Very much appreciated. Was very informative.

This is my current situation with 3 your suggestions:

Daniele,

Your suggestion 1’s result:

In Wireshark ----> Under Statistics --->I have VoIP calls.

(I don’t see VoIP calls under Telephony –> may be a different version of Wireshark).

Anyway, there is only one call because the Wireshark had a Capture Filter to track information between one source and one destination IP address. So I select that call and click on Player button and then click on Decode button. Then I select the forward stream (From IP1 to IP2) and click on play and I don’t hear anything at all. All silence. Same when I select the reverse stream from IP2 to IP1 and play.

Your suggestion 2’s result:

In Wireshark ---> Under Statistics ---> I Selected Stream Analysis (Did not select Show All Streams – not sure what the difference is) then ---> Save Payload ----> Select “au” instead of raw and it says – “Can’t save in a file:saving in au format supported only for alaw / ulaw stream

Your suggestion 3’s result:

Saved the file in .raw format. Opened Audacity and imported the file as raw and specified FIRST the A-Law codec for G.711A and selected 8000hz and that didn’t work and SECOND tried the u-Law coding for G.711u and selected the sample frequency again equal to 8000 Hz and that didn't work.

Didn't work means:

When I played the imported information I get all noise (like heavy metallic sound) and no voice.

So my guess is that this capture is neither A-Law or u-Law codec - right. This capture was given to me by a customer.

Any other suggestions – much appreciated Daniele.

I'm agree with you, probably the codec used in the call is not G.711.

What is the signalling protocol used in the call? You can find the codec selected during call setup phase.

What is the codec showed from wireshark?

Regards.

Daniele,

Thanks again.

It is G.729. Sorry I should have seen that before in Wireshark.

So is there anyway I can play this using AUdacity or any other application / tool.

Regards

Alphonse

If you want save and reproduce an audio flow based on RTP G.729 call you can try this procedure:

- save the RTP G.729 Payload in .raw format using wireshark

- convert the .raw file to .pcm using the "open G.729 decoder", see the link http://www.voiceage.com/openinit_g729.php

syntax example:

va_g729_decoder.exe sample.raw sample.pcm.raw

or

wine va_g729_decoder.exe sample.raw sample.pcm.raw (for linux OS)

- import the new .raw file into Audacity using this options:

     - signed 16-bit pc

     - no endianness

     - 1 channel (mono)

     - start offset: 0

     - amount to import: 100%

     - sample rate: 8000

Regards.

Daniele,

Thanks a lot.

You are a champion.

I really appreciate your help on this issue.

It works.

Thanks again.

Regards

Alphonse

Daniele,

This one deserves an endorsement! Excellent ideas. On this note Daniele, do you know how to decode SCCP traffic in wireshark..I spoke to one of the Cisco chaps and I was told that they have a special wireshark version that decodes SCCP traffic...Do you know if there is another way to decode them or the version that can decode sccp packets

Please rate all useful posts

"opportunity is a haughty goddess who waste no time with those who are unprepared"

Please rate all useful posts

What is the name this a special wireshark version?

what to do if the RTP stream of g.722?


Yuri,

I dont know what the wireshark version is..hece the reason why I asked Danielle but he didnt answer..Lets hope he gets your question and answer US!

Please rate all useful posts

"opportunity is a haughty goddess who waste no time with those who are unprepared"

Please rate all useful posts

I know I'm late on this Ayodeji. But the version you are looking for is 

 

1.10.5-TAC-9

 

You may be able to find it out there.

Jay,

Better late than never! Thank you. Do you mind going one step further and let me know where I can get it. It doesn't seem to be on google

Please rate all useful posts

Sorry for the late. What is your version of wireshark?

Can you add a screenshot or a simple skinny pcap trace.

Regards.

Daniele,

Trace attached..

Please rate all useful posts

"The essence of christianity is not the enthronement but the obliteration of self --William Barclay"

Please rate all useful posts
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: