[cisco-voip] instruction on how to use ethereal to capture voice
Teodor Georgiev
tgeorgiev at is-bg.net
Mon Mar 6 15:10:27 EST 2006
and btw, he will be able to capture RTP packets only with a codec of G711.
----- Original Message -----
From: "Ryan Ratliff" <rratliff at cisco.com>
To: "James Grace" <jgrace at digitelusa.net>
Cc: <cisco-voip at puck.nether.net>
Sent: Monday, March 06, 2006 9:58 PM
Subject: Re: [cisco-voip] instruction on how to use ethereal to capture
voice
> This is copy/pasted from an old techtip of mine. The gist should be
> the same as I don't think Ethereal has changed too much since I wrote
> it.
>
> With newer versions of Ethereal you can analyze and even extract RTP
> payloads from a sniffer trace.
>
> These instructions are valid for Ethereal 0.10.0a. Earlier or later
> versions might have different placement of the RTP Analysis buttons
> but should still work fine.
>
> First open your sniffer capture in Ethereal. Make sure to uncheck
> the boxes for "Enable MAC name resolution" and "Enable transport name
> resolution" to greatly speed up the load time.
>
> Then find all of your RTP streams and make sure they are recognized
> as RTP streams. If they just show up as UDP packets right-click one
> of the packets, choose "Decode As" and then select RTP. Do this for
> all the streams you are interested in.
>
> Then go to Analyze->Statistics->RTP Streams->Show All.
> (This location of the RTP Streams->Show all menu item may differ
> depending on your version of Ethereal)
>
> Now you should see a window that has a list of all RTP streams found
> in the capture file. Select your forward stream by clicking with the
> left mouse button. Select the reverse stream by holding the SHIFT
> key and left-clicking on it. Above the buttons at the bottom of the
> window it should now list both streams, including IP addresses (src,
> dst) and SSRC.
>
> Now hit the Analyze button. This will pop up yet another window with
> detailed analysis for the RTP streams you selected previously. There
> will be a button for "Save Payload". Hit this, and choose which
> payload you want to save (forward, reverse, both) and the filename
> and path. This will create a <yourname>.au file in the path you
> specified that will have both directions of the RTP stream.
>
> If you have difficulties with this make sure before you hit the
> Analyze button it shows a valid forward and reverse streams. If it
> only picks up one direction of the RTP stream it will not allow you
> to save a payload with both directions selected.
>
> -Ryan
>
> On Mar 6, 2006, at 2:43 PM, James Grace wrote:
>
> Can someone instruct me on how to capture voice and play them back
> with ethereal. So far we have the span setup. We also have the
> filter working and have the packets in ethereal. Now what do I do
> with the packets
>
>
>
> James D. Grace
>
> CCNP CCNA MCSE MCDBA
>
> Sr. System Engineer / Professional Svc.
>
> Digitel Corporation
>
>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
More information about the cisco-voip
mailing list