- Gold, 750 points or more
Ethereal is a free network protocol analyzer for UNIX systems and Microsoft Windows.
For more information, refer to Ethereal.
To resolve this issue, perform these steps:
- Open your sniffer capture in Ethereal. Make sure to uncheck the boxes for Enable MAC name resolution and Enable transport name resolution. This greatly speeds up the load time.
- Find all of your Real-Time Transport Protocol (RTP) streams and make sure they are recognized as RTP streams. If they show up as User Datagram Protocol (UDP) packets, right-click one of the packets, choose Decode As and then select RTP. Do this for all of the streams you are interested in.
- Go to Analyze > Statistics > RTP Streams > Show All.
Note: The location of RTP Streams > Show all menu items may differ depending on your version of Ethereal.
- You should see a window that has a list of all the RTP streams found in the capture file. Select your forward stream by clicking with the left mouse button. Select the reverse stream by holding the Shift key and left clicking on it. Above the buttons at the bottom of the window, it should now list both streams, including IP addresses (Source [SRC] and Destination [DST]) and the RTP Synchronization Source (SSRC) field.
- Select the Analyze button. This pops up yet another window with detailed analysis for the RTP streams you selected previously. Select the Save Payload button. Choose which payload you want to save (forward, reverse or both), the filename and the path. This creates a <yourname>.au file in the path you specified that will have both directions of the RTP stream.
- If you have difficulty, make sure that before you select the Analyze button that it shows valid forward and reverse streams. If it only picks up one direction of the RTP stream, it will not allow you to save a payload with both directions selected.