[cisco-voip] instruction on how to use ethereal to capture voice

Ryan Ratliff rratliff at cisco.com
Mon Mar 6 14:58:40 EST 2006 

This is copy/pasted from an old techtip of mine.   The gist should be  
the same as I don't think Ethereal has changed too much since I wrote  
it.

With newer versions of Ethereal you can analyze and even extract RTP  
payloads from a sniffer trace.

These instructions are valid for Ethereal 0.10.0a.  Earlier or later  
versions might have different placement of the RTP Analysis buttons  
but should still work fine.

First open your sniffer capture in Ethereal.  Make sure to uncheck  
the boxes for "Enable MAC name resolution" and "Enable transport name  
resolution" to greatly speed up the load time.

Then find all of your RTP streams and make sure they are recognized  
as RTP streams.  If they just show up as UDP packets right-click one  
of the packets, choose "Decode As" and then select RTP.  Do this for  
all the streams you are interested in.

Then go to Analyze->Statistics->RTP Streams->Show All.
(This location of the RTP Streams->Show all menu item may differ  
depending on your version of Ethereal)

Now you should see a window that has a list of all RTP streams found  
in the capture file. Select your forward stream by clicking with the  
left mouse button.  Select the reverse stream by holding the SHIFT  
key and left-clicking on it.  Above the buttons at the bottom of the  
window it should now list both streams, including IP addresses (src,  
dst) and SSRC.

Now hit the Analyze button.  This will pop up yet another window with  
detailed analysis for the RTP streams you selected previously.  There  
will be a button for "Save Payload".  Hit this, and choose which  
payload you want to save (forward, reverse, both) and the filename  
and path.  This will create a <yourname>.au file in the path you  
specified that will have both directions of the RTP stream.

If you have difficulties with this make sure before you hit the  
Analyze button it shows a valid forward and reverse streams.  If it  
only picks up one direction of the RTP stream it will not allow you  
to save a payload with both directions selected.

-Ryan

On Mar 6, 2006, at 2:43 PM, James Grace wrote:

Can someone instruct me on how to capture voice and play them back  
with ethereal.  So far we have the span setup.  We also have the  
filter working and have the packets in ethereal.  Now what do I do  
with the packets



James D. Grace

CCNP CCNA MCSE MCDBA

Sr. System Engineer / Professional Svc.

Digitel Corporation



_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

More information about the cisco-voip mailing list