
How to analyze and even extract RTP payloads from a sniffer trace with newer versions of Ethereal


Wed, 11/18/2009 - 18:27
Jun 22nd, 2009

Core Issue

Ethereal is a free network protocol analyzer for UNIX systems and Microsoft Windows.

For more information, refer to Ethereal.


Resolution

To resolve this issue, perform these steps:


  1. Open your sniffer capture in Ethereal. Make sure to uncheck the boxes for Enable MAC name resolution and Enable transport name resolution. This greatly speeds up the load time.

  2. Find all of your Real-Time Transport Protocol (RTP) streams and make sure they are recognized as RTP streams. If they show up as User Datagram Protocol (UDP) packets, right-click one of the packets, choose Decode As and then select RTP.  Do this for all of the streams you are interested in.

  3. Go to Analyze > Statistics > RTP Streams > Show All.

    Note: The location of the RTP Streams > Show All menu items may differ depending on your version of Ethereal.


  4. You should see a window that has a list of all the RTP streams found in the capture file. Select your forward stream by clicking with the left mouse button. Select the reverse stream by holding the Shift key and left clicking on it. Above the buttons at the bottom of the window, it should now list both streams, including IP addresses (Source [SRC] and Destination [DST]) and the RTP Synchronization Source (SSRC) field.

  5. Select the Analyze button. This pops up yet another window with detailed analysis for the RTP streams you selected previously. Select the Save Payload button. Choose which payload you want to save (forward, reverse or both), the filename and the path. This creates a <yourname>.au file in the path you specified that will have both directions of the RTP stream.

  6. If you have difficulty, make sure that valid forward and reverse streams are shown before you select the Analyze button. If only one direction of the RTP stream is picked up, it will not allow you to save a payload with both directions selected.
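To show what the steps above do to the packets, here is an added example (not part of the original document and not Ethereal's own code) that parses RTP headers, separates the forward and reverse streams by address pair and SSRC, and writes one direction as .au data. It assumes the UDP payloads have already been pulled out of the capture and that the audio is G.711 mu-law (payload type 0); the addresses, SSRC values and helper names are constructed for illustration.

```python
import struct
from collections import defaultdict

def parse_rtp(udp_payload):
    """Return (payload_type, seq, ssrc, media_bytes), or None if not RTP version 2."""
    if len(udp_payload) < 12:
        return None
    b0, b1, seq, _ts, ssrc = struct.unpack("!BBHII", udp_payload[:12])
    if b0 >> 6 != 2:                      # RTP version field must be 2
        return None
    offset = 12 + 4 * (b0 & 0x0F)         # skip the CSRC identifiers
    if b0 & 0x10:                         # header extension present
        if len(udp_payload) < offset + 4:
            return None
        ext_words = struct.unpack("!H", udp_payload[offset + 2:offset + 4])[0]
        offset += 4 + 4 * ext_words
    end = len(udp_payload)
    if b0 & 0x20 and end > offset:        # padding: last byte holds the pad length
        end -= udp_payload[-1]
    if end < offset:
        return None
    return b1 & 0x7F, seq, ssrc, udp_payload[offset:end]

def split_streams(datagrams):
    """Group (src, dst, udp_payload) tuples into streams keyed by (src, dst, SSRC)."""
    streams = defaultdict(list)
    for src, dst, data in datagrams:
        parsed = parse_rtp(data)
        if parsed:
            pt, seq, ssrc, media = parsed
            streams[(src, dst, ssrc)].append((seq, pt, media))
    return streams

def to_au(packets, rate=8000):
    """Build .au file bytes from one stream; only payload type 0 (mu-law) is kept."""
    ordered = sorted(packets)             # sequence order; ignores 16-bit wrap-around
    audio = b"".join(m for _seq, pt, m in ordered if pt == 0)
    # .au header: magic, header size, data size, encoding 1 (8-bit mu-law), rate, channels
    return struct.pack("!4sIIIII", b".snd", 24, len(audio), 1, rate, 1) + audio

def rtp(seq, ssrc, media, pt=0):
    """Constructed sample packet: version 2, no padding, extension or CSRC."""
    return struct.pack("!BBHII", 0x80, pt, seq, seq * 160, ssrc) + media

# Constructed sample: forward and reverse streams, forward packets out of order,
# plus one UDP datagram that is not RTP and must be skipped.
SAMPLE = [("10.0.0.1:16384", "10.0.0.2:20000", rtp(2, 0x1111, b"\xff" * 4)),
          ("10.0.0.2:20000", "10.0.0.1:16384", rtp(1, 0x2222, b"\x7f" * 4)),
          ("10.0.0.1:16384", "10.0.0.2:20000", rtp(1, 0x1111, b"\x55" * 4)),
          ("10.0.0.1:16384", "10.0.0.2:20000", b"\x00\x01not-rtp-at-all")]
```

The stream key mirrors what the RTP Streams window lists: source, destination and SSRC. A capture that contains only one of the two keys is the one-direction case described in step 6.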
