Wireshark capture rtp packets on Cisco CUBE.

Hello all,
We have this call flow and we are having an intermittent DTMF issue:
CUCM 10.5--->CUBE(10.1.1.10)--->AVAYA(10.1.1.11)--->PSTN
I am trying to capture RTP packets between CUBE and AVAYA. How can we capture RTP packets between 10.1.1.10 and 10.1.1.11?
I followed the steps below, and I can see traffic only from AVAYA to CUBE, and even then only SIP and TCP, not RTP.
Router(config)# access-list 140 permit ip host 32.55.55.32 any
Router(config)# access-list 140 permit ip any host 32.55.55.32
This ACL will capture all traffic to and from this IP address.
Next we need to enable the Cisco packet monitoring service:
Router# monitor capture buffer holdpackets
Now we can filter the monitored traffic by filtering it through our access-list:
Router# monitor capture buffer holdpackets filter access-list 140
Now we need to name our particular packet capture. I have called mine "testcap"
Router# monitor capture point ip cef testcap all both
Router# monitor capture point associate testcap holdpackets
Now we can start our capture!
Router# monitor capture point start testcap
Once you think you have acquired enough packets, to stop the capture, type:
Router# monitor capture point stop testcap
Now you can export your data to your tftp server by typing in the following command. You can then open the .pcap file in Wireshark for viewing
Router# monitor capture buffer holdpackets export tftp://10.0.0.55/testcap.pcap
Once uploaded you can clear your capture buffer by typing the following:
Router# no monitor capture buffer holdpackets
Any help is much appreciated
Thanks!


Similar Messages

  • How to capture rtp packet??

    Hi,
    Can someone please tell me how to capture RTP packets? And can you also tell me how to remove the RTP header? I want to add another header to the RTP packet. I will be glad if you can also send me some code samples too.
    Thank you in advance.
    bye
    R.Ravi Kiran

    To capture the RTP packet, all you need to do is listen for a UDP packet on the destination address and you will be able to receive the data. The data field is by default 256 bytes long (just to let you know).
    So you will send the RTP packet to localhost port 4444.
    To capture the packet you need to be listening for a UDP packet on that address.
    It would look something like this:
    import java.net.DatagramPacket;
    import java.net.DatagramSocket;
    byte[] buf = new byte[256];
    DatagramSocket socket = new DatagramSocket(4444);   // bind UDP port 4444
    DatagramPacket packet = new DatagramPacket(buf, buf.length);
    socket.receive(packet);   // blocks until one datagram arrives
    Then you just have to do what you want with the buf array.
    I'm not too sure about the RTP header; I'm working on that as well, so if I find anything I will let you know.

  • Capturing RTP sent by JMF with Wireshark

    The post was originally at http://forums.sun.com/thread.jspa?threadID=5331241.
    I am using http://java.sun.com/javase/technologies/desktop/media/jmf/2.1.1/solutions/RTPConnector.html as a template in my program. I see the packets sent back and forth using Wireshark, but Wireshark doesn't recognize them as RTP packets, only as UDP. The original thread had an answer about the payload.
    Where is the payload defined in the sample code I am using and how can I change the payload so that Wireshark captures them as RTP? Is it this line:
    ContentDescriptor cd = new ContentDescriptor(ContentDescriptor.RAW_RTP); If yes, what should I change it to? Also, I took a look at Wireshark and you can force the UDP packets to decode as RTP but it is not very feasible.
    Thanks.

    If you need the custom RTPConnector to send out UDP packets that show up as RTP packets, I'd recommend reposting the question to the networking forum. That's more of a networking question than it is a JMF one.

  • How to use jmf convert the rtp packet (captured by jpcap) in to wav file?

    I use jpcap to capture the RTP packets (payload: ITU-T G.711 PCMU, from VoIP),
    and now I want to use JMF to read that data and convert it into a WAV file.
    How can I do this? Please help me.

    pedrorp wrote:
    Hi Captfoss!
    I fixed it but now I have another problem. My application sends me this message:
    Cannot initialize audio renderer with format: LINEAR, Unknown Sample Rate, 16-bit, Mono, LittleEndian, Signed
    Unable to handle format: ALAW/rtp, Unknown Sample Rate, 8-bit, Mono, FrameSize=8 bits
    Failed to prefetch: com.sun.media.PlaybackEngine@1b45ddc
    Error: Unable to prefetch com.sun.media.PlaybackEngine@1b45ddc
    This time the failure is in prefetching. I have no idea why this problem occurs. Could you help me?

    The system can't play an audio file / stream if it doesn't know the sample rate...somewhere along the way, in your code, the sample rate got lost. Sample rates are highly important, because they tell the system how fast to play the file.
    You need to go look through your code and find where the sample rate information is getting lost...

  • Capturing RTP with Wireshark sent by JMF

    I have a JMF program (based on http://java.sun.com/javase/technologies/desktop/media/jmf/2.1.1/solutions/RTPConnector.html) which does peer to peer RTP transmission. I see the packets sent back and forth using Wireshark, but Wireshark doesn't recognize them as RTP packets, only as UDP. On another forum someone said it is because Wireshark does not recognize the payload.
    Any idea how I can make Wireshark recognize the stream as RTP?
    Thanks in advance.
    PS, Original thread was at http://forums.sun.com/thread.jspa?threadID=5430151

    As a sidenote, the OP is handling the transmission of the pre-packetized RTP data manually...which means it's going into the payload as if it's just regular binary data, without any special handling on the networking side...

  • How to Enable IP Accounting or capture packets in Cisco ASA 5510 (8.2)

    Hi All,
    How to Enable IP Accounting or capture packets in Cisco ASA 5510 (8.2)
    Thanks
    Roopesh

    Hi Roopesh,
    Please go through this document for detailed documentation on captures:
    https://supportforums.cisco.com/docs/DOC-17814
    Hope that helps.
    Thanks,
    Varun Rao
    Security Team,
    Cisco TAC

  • Cisco 4500X Wireshark capture to usb not working

    Hi, I am Ashley and I am testing the Cisco 4500X using Wireshark capture (advanced IP services IOS).
    The capture runs fine when storing the Wireshark file on the bootflash. No worries.
    But when I configure the destination as USB0, my pendrive, it fails.
    The usb device is fine and is writable. I tested it by copying from bootflash to usb0:
    Followed the instructions in the config guide.
    It still fails.
    Can someone please help.
    Thanks,

    But when i configure the destination as USB0 my pendrive, it fails.
    Could be a bug but I wouldn't recommend configuring the destination as your USB drive because no one has the same luxury as you to have the USB sit there all the time.
    Store to the flash and transfer to USB is probably the best solution.

  • Strange Wireshark Capture XR Span

    Good afternoon. I am working on Inter-op with a brocade CER and an ASR 9001 and I am running into an issue getting ISIS adjacency up. I was able to solve this on our other systems by paying close attention to wireshark captures of the authentication of Hello and LSP adjacency.
    However, when mirroring on the XR, I am getting some strange output. Here is my config:
    monitor-session BROCADE ethernet
     destination interface GigabitEthernet0/0/0/2
    interface GigabitEthernet0/0/0/10
     description UPLINK TO BOTTOM BROCADE ETHERNET 2
     ipv4 address 10.9.0.94 255.255.255.252
     monitor-session BROCADE ethernet
     negotiation auto
    Here is a screenshot of the packet capture:
    http://goo.gl/7xDLxw

    Here is the brocade side:
    router isis
     net 49.0002.0100.0900.0200.00
     auth-mode cleartext level-2
     auth-key "********" level-2
     bfd all-interfaces
     log adjacency
     log invalid-lsp-packets                                          
     set-overload-bit on-startup 30
     address-family ipv4 unicast
      default-metric 200
      metric-style wide
     exit-address-family
     address-family ipv6 unicast
     exit-address-family
    interface ethernet 1/2
     port-name P2P to West 9001
     enable
     route-only
     ip router isis
     ip address 10.9.0.93/30
     isis auth-mode cleartext
     isis auth-key "********"
     isis circuit-type level-2
     isis ipv6 metric 200
     isis metric 200
     isis point-to-point
    Here is the Cisco side:
    router isis lab
     set-overload-bit on-startup 30
     net 49.0002.0100.0900.0197.00
     nsf ietf
     lsp-gen-interval maximum-wait 30000 initial-wait 30000 secondary-wait 30000
     lsp-password text encrypted 130232020F3901130F1D0C356205373D11362B425A level 2
     address-family ipv4 unicast
      metric-style wide
      metric 16000000
      ispf
      default-information originate
     address-family ipv6 unicast
      metric-style wide
      metric 16000000
     interface Loopback0
      passive
      circuit-type level-2-only
      address-family ipv4 unicast
       metric 200
     interface GigabitEthernet0/0/0/10
      circuit-type level-2-only
      point-to-point
      hello-password text encrypted 121E2007163E093D0E12002E641206290023291555
      address-family ipv4 unicast
       metric 200
    I have not disabled ISIS authentication because although it is a lab others are working in it and would interrupt some of what they are doing.
    So far in the wireshark it looks like I can see hellos from the Cisco, but not from the brocade. Perhaps I am on the wrong support forums? :)

  • RVS4000 mangles RTP Packets

    I've come across a strange issue with a Cisco RVS4000 router, firmware V2.0.2.7.
    First of all, ALG is turned off in the router! The RTP port range 10001-10999 is forwarded to the PBX internal IP.
    A PBX sitting behind NAT with ports forwarded establishes a given incoming call with a SIP trunk provider. Packet sniffs have shown the PBX and Trunk agree on given IPs and port numbers in Session Description Protocol for the conversation. The PBX behaves as you would expect, sending the audio from the agreed ports: PBX PrivateIP/Port(10202) --> Trunk PublicIP/Port(53544).
    The strangeness sets in when the packets come out of the WAN side of the router. The call setup is identical; however, the first 10 RTP packets are changed to appear to come from a different port: PBX PublicIP/Port(51062) --> Trunk PublicIP/Port(53544).
    The remaining RTP packets after the first 10 come from the correct port: PBX PublicIP/Port(10202) --> Trunk PublicIP/Port(53544).
    The SIP trunk provider sends audio in the reverse direction: Trunk PublicIP/Port(53544) --> PBX PublicIP/Port(51062)
    However, the incoming audio works and arrives at the PBX on port 10202 - therefore the router is obviously applying NAT to those packets.
    The result is that the SIP trunk provider ignores all RTP packets after the first 10 (and thus one-way audio from the trunk to the PBX) because their system accepted the first 10 from the "wrong" port and therefore ignores the remaining packets coming from the "right" port.
    To make things even stranger, the router behaves properly on subsequent calls. The issue usually only appears after a long period without incoming calls (> 30 min.)
    Business telephones in Calgary
    www.atcomsystems.ca

    I wish to put the time of my computer...or have you any other idea to generate timestamp?
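
The symptom described in this thread, one RTP stream whose source port changes mid-call, can be picked out of a WAN-side capture by grouping packets on SSRC, which a sender keeps constant for a stream. The Python below is an added example, not part of the original posts; the function names, the documentation-range addresses and the SSRC values are constructed for illustration.

```python
import struct
from itertools import groupby

def rtp_ssrc(udp_payload):
    """Return the SSRC of an RTP version 2 packet, or None if it is not RTP."""
    if len(udp_payload) < 12 or udp_payload[0] >> 6 != 2:
        return None
    return struct.unpack("!I", udp_payload[8:12])[0]

def source_port_runs(packets):
    """packets: (src_ip, src_port, dst_ip, dst_port, udp_payload) in capture order.

    Returns {ssrc: [((src_ip, src_port), packet_count), ...]} for each SSRC
    that was seen from more than one source address/port.
    """
    sources_by_ssrc = {}
    for src_ip, src_port, _dst_ip, _dst_port, payload in packets:
        ssrc = rtp_ssrc(payload)
        if ssrc is not None:
            sources_by_ssrc.setdefault(ssrc, []).append((src_ip, src_port))
    flagged = {}
    for ssrc, sources in sources_by_ssrc.items():
        # Collapse consecutive packets from the same source into one run.
        runs = [(src, len(list(group))) for src, group in groupby(sources)]
        if len(runs) > 1:
            flagged[ssrc] = runs
    return flagged

def rtp(seq, ssrc):
    """Constructed 12-byte RTP header (PT 0) followed by 4 filler payload bytes."""
    return struct.pack("!BBHII", 0x80, 0, seq, 160 * seq, ssrc) + b"\xff" * 4

# Constructed WAN-side capture: documentation addresses, port numbers from the post.
PBX, TRUNK = "203.0.113.10", "198.51.100.20"
CAPTURE = (
    [(PBX, 51062, TRUNK, 53544, rtp(n, 0xCAFEBABE)) for n in range(10)]
    + [(TRUNK, 53544, PBX, 51062, rtp(n, 0x0BADF00D)) for n in range(15)]
    + [(PBX, 10202, TRUNK, 53544, rtp(n, 0xCAFEBABE)) for n in range(10, 15)]
)

if __name__ == "__main__":
    for ssrc, runs in source_port_runs(CAPTURE).items():
        print(f"SSRC {ssrc:#010x} changed source: {runs}")
```
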

  • How to prioritize RTP Packets for VOIP Audio on RV180

    Hi There,
    I'm a relative newbie to more advanced networking but have managed to get our small office IP PBX running over a SIP Trunk. The only real problem we are having is choppy outgoing audio when there is other heavy outgoing traffic on the network.
    My understanding is that I need to set some QoS parameters, which I have played with but it didn't seem to help much. I mostly dealt with allocating bandwidth. I now think I need to somehow prioritize the outgoing RTP packets from our PBX (which runs on a PC on our LAN) to help avoid the choppy audio. My research shows this can maybe be done with something called DSCP 46 and my router does support that -- I'm just a little confused on how to exactly set the configuration.
    Our router is a Cisco rv180w. I'm thinking it should be pretty straightforward, but any guidance would be appreciated (and feel free to let me know if I'm barking up the entirely wrong tree, too!)
    Thanks so much.

    OK, thank you. So specifically -- if I want to prioritize all of the RTP traffic flowing out through the router, can I do it ALL with just COS and not set any QoS, profile binding etc?
    So far I have enabled the COS Queue, left the default settings (where COS Priorities 6 and 7 are set to highest), then on the COS to DSCP page I have entered the value 46 into the Priority 6 and 7 boxes. All the rest I left at 0.
    Unfortunately this didn't seem to solve the issue. The way I have been testing is to call our PBX from an outside line, then put myself on hold so I can hear the hold music (effectively an audio stream from the PBX server). Then I listen carefully while I run a bandwidth test from speedtest.net.
    During the download test the audio (music on hold) is pretty smooth. But during the upload test (lots of data flowing outbound) the audio gets very choppy. The COS settings I've tried don't seem to improve or even change that
    I assume I'm doing something wrong and/or need to involve QoS somehow?
    - Keith

  • How to send RTP packet through SIP Dialog

    Hello there !
    I work on a Java softphone which uses JMF and Jain-SIP. I know JMF is "old" but I think it would be simple to capture and transmit RTP audio. So, my SIP dialog is working, I can send text messages but now, I would like to send RTP with this SIP session. I know I have to send SDP messages for codec convenience but then, what is the MediaLocator for the RTP packets? Only the SIP User Agent IP or something else?
    I also accept all resources that can help me achieve my work :)

    I have no idea how SIP works, but, RTP packets go to an IP:PORT... theoretically, in the SIP phonecall setup, I'd imagine you'd have to be given the address to send RTP packets to the remote phone. Or perhaps the port is already well-defined by the SIP standard.
    Either way, you should have a way of knowing / finding out which PORT to send to for your SIP call, either from the call setup or the SIP standard itself.

  • Configuring the SSRC of RTP packets.

    Hello.
    Can I configure a Voice Gateway to set the SSRC of all RTP packets coming from it to a constant value that I will define?
    Thanks.

    check the below link for setting up the parameters in SSRC
    http://www.cisco.com/en/US/products/hw/gatecont/ps3869/products_configuration_guide_chapter09186a0080201239.html

  • DVI/RTP packet decode

    Hi,
    I need to stream audio and/or video to a PDA device. There is a trick here which is:
    The PDA must receive the stream from a multicast address. For this I have implemented a Bridge application which joins the multicast group on behalf of the PDA and receives the Multicast RTP packets (which are sent from JMStudio) and Unicasts them to the PDA.(HP iPAQ) I had no problem implementing this. The streaming is done using JMStudio player which encodes the streaming audio data into a number of encodings (DVI/RTP in my case). I choose DVI/RTP and stream a .wav audio file.
    Now I have to accept the packets and play the stream on the PDA.
    The j2me application receives all the RTP packets successfully and I can extract useful information from the packets such as: Timestamp, sequence number, payload type. The payload type is 5 which means it is a DVI4 encoding.
    I use the following method to decode the samples:
    public int decode(Object state, byte[] input, int inp, int len, short[] output, int outp) {
        int sign;
        int delta;
        int vpdiff;
        //int valprev = audio.Convert.byte2short(input, inp);
        //int index = input[inp + 2];
        int valprev=0,index=0;
        int inputbuffer = 0;
        int bufferstep = 0;
        // 4-byte block header: 16-bit predictor, 8-bit step index, 1 unused byte
        valprev = input[0] <<8;
        valprev |= input[1] &0xff;
        index = input[2] &0xff;
        if ( index < 0 ) index = 0;
        else if ( index > 88 ) index = 88;
        int step = stepsizeTable[index];
        inp += 4;
        len = (len - 4) * 2;   // two 4-bit samples per remaining byte
        int count = len;
        while(count-- > 0) {
            // take the high nibble first, then the low nibble of the same byte
            if ( 0 == bufferstep ) {
                inputbuffer = input[inp++];
                delta = (inputbuffer >> 4) & 0xf;
                bufferstep = 1;
            } else {
                delta = inputbuffer & 0xf;
                bufferstep = 0;
            }
            index += indexTable[delta];
            if ( index < 0 ) index = 0;
            else if ( index > 88 ) index = 88;
            sign = delta & 8;
            delta = delta & 7;
            vpdiff = step >> 1;
            if ( (delta & 4) == 4 ) vpdiff += (step << 2);
            if ( (delta & 2) == 2 ) vpdiff += (step << 1);
            if ( (delta & 1) == 1 ) vpdiff += step;
            vpdiff >>= 2;
            if ( 0 != sign )
                valprev -= vpdiff;
            else
                valprev += vpdiff;
            // clamp to the signed 16-bit range
            if ( valprev > 32767 )
                valprev = 32767;
            else if ( valprev < -32768 )
                valprev = -32768;
            step = stepsizeTable[index];
            output[outp++] = (short) valprev;
        }
        ((AdpcmState)state).valprev = valprev;
        ((AdpcmState)state).index = index;
        return len;
    }
    which stores the result into a short[] array.
    I then convert this short[] array into a byte[] array with the following way:
    s is the short[] array
    adp is the byte array
    for (int g = 0, k = 0; g < s.length; g++, k = k + 2) {
        audio.Convert.short2byte(s[g], adp, k);
    }
    // audio.Convert.short2byte: writes the 16-bit value high byte first
    public static void short2byte(short ival, byte b[], int offset) {
        int i;
        int bits = 16;
        for (i = 0; i < 2; i++) {
            bits -= 8;
            b[offset + i] = (byte) ((ival >> bits) & 0xff);
        }
    }
    The final result is loaded to the player as follows:
    ByteArrayInputStream input1 = new ByteArrayInputStream(adp);
    player = Manager.createPlayer(input1, "audio/x-wav");//create new player
    player.addPlayerListener(this);
    player.prefetch();
    player.realize();
    player.start();
    The player begins to play but I only get horrible sounds instead of the original wave file.
    The player now initializes OK without any problem but I can only hear a messed up sound rather than the original. So now I strongly believe that the problem is in the decoding of the samples of the DVI/RTP codec.

    thesti wrote:
    How does JMF deal with RTP packet loss? Since my application doesn't handle anything due to RTP packet loss, I believe that JMF has a mechanism to deal with it.

    It "deals" with it by having a blank spot in the rendering where that packet would have gone...

  • Packet sniffer only picks up UDP and no RTP packets when using JMF???

    Hi,
    I am developing a voice mail application to interface with asterisk. Here is the problem.
    I am using ethereal packet sniffer to sniff the packets. When I connect two regular SIP phones and sniff , I can sniff the RTP packets.
    But when I use JMF AVtransmit2.java and AVReceive2.java I sniff only UDP packets and no RTP packets.
    I am very confused. What is going on? If JMF sends over RTP (that uses UDP underneath), then why cannot packet sniffers detect it.


  • How to read sequence numbers from RTP packets

    Hi everyone.
    I want to know how to read sequence numbers of RTP packets. I will need that to reconstruct my stream from packet losses.
    URGENT Help needed!!

    The StreamTokenizer parses all numbers into only one type of value, a double. If you know that all the numeric values in the file will be integers, you could just cast the nval double field to an int and the toString() method will format it correctly.
    If you want to have different tokens and value types for different kinds of numbers, you will have to sub-class StreamTokenizer and add these capabilities yourself. You can add the type constant TT_INT, and provide an int field named ival. The toString() method would then format the value in the correct manner.
    If, on the other hand, you are actually looking for the exact text that was parsed, you could add code that collects the characters as they are parsed for any token type into the sval field in the nextToken() method, just like it already does when the token is a TT_WORD. In this manner sval is always valid for any token type.
    I hope you find this of some help.
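
Sequence numbers sit in bytes 2-3 of the fixed 12-byte RTP header (RFC 3550), and removing the header means skipping those 12 bytes plus any CSRC entries and header extension. The Python below is an added example, not code from any of the posts above: it covers the header-removal and sequence-number questions in this list and goes a little further by reporting loss across the 16-bit wraparound. The function names and sample packets (including payload type 101 for a telephone-event payload) are constructed assumptions.

```python
import struct

def parse_rtp(datagram):
    """Parse one UDP payload as RTP (RFC 3550).

    Returns a dict of header fields plus the media payload with the header,
    CSRC list, header extension and padding removed, or None when the bytes
    cannot be an RTP version 2 packet.
    """
    if len(datagram) < 12:
        return None
    b0, b1, seq, timestamp, ssrc = struct.unpack("!BBHII", datagram[:12])
    if b0 >> 6 != 2:                      # version field must be 2
        return None
    offset = 12 + 4 * (b0 & 0x0F)         # skip CSRC identifiers
    if b0 & 0x10:                         # X bit: header extension follows
        if len(datagram) < offset + 4:
            return None
        (ext_words,) = struct.unpack("!H", datagram[offset + 2:offset + 4])
        offset += 4 + 4 * ext_words
    end = len(datagram)
    if offset > end:
        return None
    if b0 & 0x20:                         # P bit: last octet counts padding
        if offset == end or not 0 < datagram[-1] <= end - offset:
            return None
        end -= datagram[-1]
    return {"pt": b1 & 0x7F, "marker": bool(b1 & 0x80), "seq": seq,
            "timestamp": timestamp, "ssrc": ssrc,
            "payload": datagram[offset:end]}

def find_gaps(seqs):
    """Return (last_seen, next_seen, missing) for each forward jump.

    Sequence numbers are 16 bits, so differences are taken modulo 65536.
    Duplicates and late (reordered) packets are skipped; a late packet that
    fills an already reported gap is not subtracted.
    """
    gaps, prev = [], None
    for seq in seqs:
        if prev is not None:
            delta = (seq - prev) & 0xFFFF
            if delta == 0 or delta >= 0x8000:
                continue
            if delta > 1:
                gaps.append((prev, seq, delta - 1))
        prev = seq
    return gaps

def build_packet(seq, payload=b"\xff" * 4, b0=0x80, b1=0x00, extra=b""):
    """Constructed test packet: fixed header, optional extra header bytes."""
    header = struct.pack("!BBHII", b0, b1, seq, 160 * seq, 0x11223344)
    return header + extra + payload

# Constructed stream: wraps 65535 -> 0 cleanly, then loses packets 2 and 3.
SAMPLE = [build_packet(s) for s in (65533, 65534, 65535, 0, 1, 4, 5)]
# Constructed packet with marker bit, PT 101 and a one-word header extension.
EXT_PACKET = build_packet(7, b"\x01\x0a\x00\xa0", b0=0x90, b1=0xE5,
                          extra=b"\xbe\xde\x00\x01" + b"\x00" * 4)

if __name__ == "__main__":
    print(find_gaps(parse_rtp(d)["seq"] for d in SAMPLE))
    print(parse_rtp(EXT_PACKET))
```
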

    Hello Gurus, I have more than 8000 Batch input to process because of the warning message #00349 saying that "Field &1&2 does not exist in the screen &3 &4" (these are batch input for transaction FB01). when I process it in foreground and click on "En