Wireshark mailing list archives
Re: Saving the UDP stream from a wireshark capture session
From: "RUOFF, LARS (LARS)** CTR **" <lars.ruoff () alcatel-lucent com>
Date: Tue, 20 Jul 2010 16:58:34 +0200
Hi, You can save the RTP payload in rtpdump format (http://wiki.wireshark.org/rtpdump). It also contains the size of the packet. This is done from the "RTP Streams" (Telephony->RTP->Show all streams) dialog by pressing the "Save As" button on a selected stream. See also if http://wiki.wireshark.org/RtpDumpScript can be of use to you. Regards, Lars Ruoff -----Original Message----- From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of Anirud Sent: mardi 20 juillet 2010 16:25 To: Community support list for Wireshark Subject: [Wireshark-users] Saving the UDP stream from a wireshark capture session Hi all, Now obviously, my ignorance is evident here. I captured all the packets on the wire and want to save just the UDP stream into a raw binary file. The UDP itself contains RTP which contains an H.264 video bitstream. I am interested in this H.264 stream which is carried as per RFC 3984. However, the RTP payload can have one or more NAL units as per the RFC (STAP, FU, MTAP and so forth). So I am going to write a simple parser to extract the raw elementary video stream from the RTP payload. I cannot just save the RTP payload in Wireshark since my parser needs to know the size (length) of each packet's payload and the raw file doesn't have that. So I though of saving the UDP packets since the UDP header has the length field after Source/Destination ports and before the Checksum. I can then strip the RTP headers and parse the RTP payload and extract the H.264 bitstream. However, I just can't figure out how to save the UDP packets with the headers. I can save the UDP payload if I do "Analyze -> Follow Stream" but that saves the payload only, without headers. I don't want the Ethernet and IP headers since that would be another level of detail to understand and then write code to strip out. Sorry for being so stupid but I just can't seem to figure this one out... Anirud ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Saving the UDP stream from a wireshark capture session Anirud (Jul 20)
- Re: Saving the UDP stream from a wireshark capture session RUOFF, LARS (LARS)** CTR ** (Jul 20)