Modify tcpdump with current tcpdump-3.9.4tcpdump.ccaseT: if (strcasecmp (optarg, vat) 0) then; elseif (strcasecmp (optarg, wb) 0) packettypePT_WB; elseif (strcasecmp (optarg, rpc)
ModifyTcpdump, Currently usedTcpdump-3.9.4
Tcpdump. c
Case 'T ':
If (strcasecmp (optarg, "vat") = 0)
Packettype = PT_VAT;
Else if (strcasecmp (optarg, "wb") = 0)
Packettype = PT_WB;
Else if (strcasecmp (optarg, "rpc") = 0)
Packettype = PT_RPC;
Else if (strcasecmp (optarg, "rtp") = 0)
Packettype = PT_RTP;
Else if (strcasecmp (optarg, "rtcp") = 0)
Packettype = PT_RTCP;
Else if (strcasecmp (optarg, "snmp") = 0)
Packettype = PT_SNMP;
Else if (strcasecmp (optarg, "cnfp") = 0)
Packettype = PT_CNFP;
Else if (strcasecmp (optarg, "tftp") = 0)
Packettype = PT_TFTP;
Else if (strcasecmp (optarg, "aodv") = 0)
Packettype = pt_oscar;
Else if (strcasecmp (optarg, "cmd") = 0)
{
Packettype = PT_CMD;
Snaplen = 65535;
}
Print-udp.c
Void
Udp_print (register const u_char * bp, u_int length,
Register const u_char * bp2, int fragmented)
Modified the following function call and printed the extension header.
Case PT_RTP:
If (! Quiet_mode)
Udpipaddr_print (ip, sport, dport );
/* Rtp_print (void *) (up + 1), length, up );*/
Mvision_rtp_print (void *) (up + 1), length, up );
Break;
Run tcpdump to check the extended rtp header.
[Root @ ME_9_173 bin] # tcpdump2-Trtp udp and port 6000 | more
Tcpdump2: verbose output suppressed, use-v or-vv for fullprotocol decode
Listening on eth1, link-type EN10MB (Ethernet), capture size 68 bytes
11:39:16. 095734 IP 10.50.78.45.20002> 224.50.78.208.6000: rtplen 1340, rtp_ext_version: 2, B
Ig_endian_flag: 1
RtpHeader: version 2, p 0, x 1, cc 0, m 0, pt 96, seq 7994, offset37730848, keyId 4028434570
RtpHeaderExt: frameNumber 3832, length 2, version 1, k 0, ft 1, mode 1, nextMeFlag 0, rev 0, pa
CketNumber 26, sessionId 0
11:39:16. 099068 IP 10.50.62.41.20016> 237.84.52.247.6000: rtp len 1340, rtp_ext_version: 2, B
Ig_endian_flag: 1
RtpHeader: version 2, p 0, x 1, cc 0, m 0, pt 96, seq 58450, offset43362138, keyId 4026622466
RtpHeaderExt: frameNumber 4234, length 2, version 1, k 0, ft 3, mode 1, nextMeFlag 0, rev 0, pa
CketNumber 0, sessionId 0
11:39:16. 099581 IP 10.50.78.45.20002> 224.50.78.208.6000: rtp len 1340, rtp_ext_version: 2, B
Ig_endian_flag: 1
RtpHeader: version 2, p 0, x 1, cc 0, m 0, pt 96, seq 7995, offset37732164, keyId 4028434570
RtpHeaderExt: frameNumber 3832, length 2, version 1, k 0, ft 1, mode 1, nextMeFlag 0, rev 0, pa
CketNumber 27, sessionId 0
In addition, we found that tcpdump's udp packet capture shows the udp length, instead of the ip header.