Capture RTP streams using tcpdump

Source: Internet
Author: User

Modify tcpdump. The version currently used is tcpdump-3.9.4.

tcpdump.c

case 'T':
    /* map the -T argument to a packet type */
    if (strcasecmp(optarg, "vat") == 0)
        packettype = PT_VAT;
    else if (strcasecmp(optarg, "wb") == 0)
        packettype = PT_WB;
    else if (strcasecmp(optarg, "rpc") == 0)
        packettype = PT_RPC;
    else if (strcasecmp(optarg, "rtp") == 0)
        packettype = PT_RTP;
    else if (strcasecmp(optarg, "rtcp") == 0)
        packettype = PT_RTCP;
    else if (strcasecmp(optarg, "snmp") == 0)
        packettype = PT_SNMP;
    else if (strcasecmp(optarg, "cnfp") == 0)
        packettype = PT_CNFP;
    else if (strcasecmp(optarg, "tftp") == 0)
        packettype = PT_TFTP;
    else if (strcasecmp(optarg, "aodv") == 0)
        packettype = PT_AODV;
    else if (strcasecmp(optarg, "cmd") == 0)
    {
        packettype = PT_CMD;
        snaplen = 65535;    /* capture the whole packet */
    }

print-udp.c

void
udp_print(register const u_char *bp, u_int length,
          register const u_char *bp2, int fragmented)

The following function call was modified so that the extension header is printed.

case PT_RTP:
    if (!quiet_mode)
        udpipaddr_print(ip, sport, dport);
    /* rtp_print((void *)(up + 1), length, up); */
    mvision_rtp_print((void *)(up + 1), length, up);
    break;

Run tcpdump to check the extended RTP header.

[root@ME_9_173 bin]# tcpdump2 -T rtp udp and port 6000 | more
tcpdump2: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 68 bytes
11:39:16.095734 IP 10.50.78.45.20002 > 224.50.78.208.6000: rtp len 1340, rtp_ext_version: 2, big_endian_flag: 1
RtpHeader: version 2, p 0, x 1, cc 0, m 0, pt 96, seq 7994, offset 37730848, keyId 4028434570
RtpHeaderExt: frameNumber 3832, length 2, version 1, k 0, ft 1, mode 1, nextMeFlag 0, rev 0, packetNumber 26, sessionId 0

11:39:16.099068 IP 10.50.62.41.20016 > 237.84.52.247.6000: rtp len 1340, rtp_ext_version: 2, big_endian_flag: 1
RtpHeader: version 2, p 0, x 1, cc 0, m 0, pt 96, seq 58450, offset 43362138, keyId 4026622466
RtpHeaderExt: frameNumber 4234, length 2, version 1, k 0, ft 3, mode 1, nextMeFlag 0, rev 0, packetNumber 0, sessionId 0

11:39:16.099581 IP 10.50.78.45.20002 > 224.50.78.208.6000: rtp len 1340, rtp_ext_version: 2, big_endian_flag: 1
RtpHeader: version 2, p 0, x 1, cc 0, m 0, pt 96, seq 7995, offset 37732164, keyId 4028434570
RtpHeaderExt: frameNumber 3832, length 2, version 1, k 0, ft 1, mode 1, nextMeFlag 0, rev 0, packetNumber 27, sessionId 0

In addition, we found that the length tcpdump shows for a captured UDP packet is the UDP length, not the one from the IP header.
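The run above decodes an RTP extension header from packets captured with a 68-byte snapshot length, so a printer of this kind has to compare every offset with the captured length before it reads. An added example, not code from the original article or from tcpdump, showing that check for the standard RFC 3550 fixed header and generic extension header. The names rtp_parse, struct rtp_info, the return codes and the sample bytes are assumptions made for illustration; the article's own extension fields (frameNumber, keyId and so on) are not modelled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
enum { RTP_OK = 0, RTP_TRUNC_HDR = -1, RTP_BAD_VERSION = -2, RTP_TRUNC_EXT = -3 };

struct rtp_info {
    unsigned version, padding, extension, cc, marker, pt;
    uint16_t seq, ext_profile, ext_words; /* ext_words counts 32-bit words */
    const uint8_t *ext_data;              /* NULL unless the body was captured */
};
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* caplen = bytes actually captured (bounded by snaplen), not the UDP length field. */
int rtp_parse(const uint8_t *p, size_t caplen, struct rtp_info *o)
{
    size_t off = 12;                      /* fixed RTP header, RFC 3550 */
    o->ext_profile = o->ext_words = 0; o->ext_data = NULL;
    if (caplen < off) return RTP_TRUNC_HDR;
    o->version = p[0] >> 6;
    o->padding = (p[0] >> 5) & 1;
    o->extension = (p[0] >> 4) & 1;
    o->cc = p[0] & 0x0f;
    o->marker = p[1] >> 7;
    o->pt = p[1] & 0x7f;
    o->seq = be16(p + 2);
    if (o->version != 2) return RTP_BAD_VERSION;
    off += 4 * (size_t)o->cc;             /* skip the CSRC list */
    if (!o->extension) return caplen < off ? RTP_TRUNC_HDR : RTP_OK;
    if (caplen < off + 4) return RTP_TRUNC_EXT;
    o->ext_profile = be16(p + off);
    o->ext_words = be16(p + off + 2);
    off += 4;
    if (caplen - off < 4 * (size_t)o->ext_words) return RTP_TRUNC_EXT;
    o->ext_data = p + off;                /* body lies fully inside the capture */
    return RTP_OK;
}

/* Constructed sample: V=2, X=1, CC=0, PT=96, seq=7994, 2-word extension. */
static const uint8_t sample[24] = {
    0x90, 0x60, 0x1f, 0x3a, 0, 0, 0, 1, 0, 0, 0, 2,   /* fixed header */
    0xab, 0xcd, 0x00, 0x02, 1, 2, 3, 4, 5, 6, 7, 8 }; /* ext header + body */

int main(void)
{
    struct rtp_info r;
    for (size_t n = 10; n <= sizeof sample; n += 7) { /* 10, 17, 24 captured */
        int rc = rtp_parse(sample, n, &r);
        printf("caplen %zu -> rc %d, ext_words %u\n", n, rc, (unsigned)r.ext_words);
    }
}
```

With 17 bytes captured the extension length field is readable but its body is not, so the parser reports the length and leaves ext_data NULL instead of reading past the capture.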
