Wireshark capture rtp packets on Cisco CUBE.
Hello all,
We have this call flow and we are having intermittent DTMF issue
CUCM 10.5--->CUBE(10.1.1.10--->AVAYA(10.1.1.11)--->PSTN
I am trying to capture RTP packets between CUBE and AVAYA, How can we capture RTP packets between(10.1.1.10 and 10.1.1.11)??
I followed below steps and I can see the traffic only from AVAYA to CUBE and that too only SIP and TCP not RTP.
Router(config)# access-list 140 permit ip host 32.55.55.32 any
Router(config)# access-list 140 permit ip any host 32.55.55.32
This ACL will capture all traffic to and from this IP address.
Next we need to enable the Cisco packet monitoring service:
Router# monitor capture buffer holdpackets
Now we can filter the monitored traffic by filtering it through our access-list:
Router# monitor capture buffer holdpackets filter access-list 140
Now we need to name our particular packet capture. I have called mine "testcap"
Router# monitor capture point ip cef testcap all both
Router# monitor capture point associate testcap holdpackets
Now we can start our capture!
Router# monitor capture point start testcap
Once you think you have acquired enough packets, to stop the capture, type:
Router# monitor capture point stop testcap
Now you can export your data to your tftp server by typing in the following command. You can then open the .pcap file in Wireshark for viewing
Router# monitor capture buffer holdpackets export tftp://10.0.0.55/testcap.pcap
Once uploaded you can clear your capture buffer by typing the following:
Router# no monitor capture buffer holdpackets
Any help is much appreciated
Thanks!
But when i configure the destination as USB0 my pendrive, it fails.
Could be a bug but I wouldn't recommend configuring the destination as your USB drive because no one has the same luxury as you to have the USB sit there all the time.
Store to the flash and transfer to USB is probably the best solution.
Similar Messages
-
How to capture rtp packet??
Hi,
can someone plz tell me how to capture rtp packets. And also can u tell me how to remove the rtp header. I want to add another header to the rtp packet. I will be glad if u can also send me some code samples too.
Thank you in advance.
bye
R.Ravi KiranTo Capture the RTP Packet all you need to do is listen for a UDP packet on the destination address and you will be able to receive the data. The Data field is by default 256 bytes long (just to let you know).
So you will send the RTP Packet to Localhost port 4444
To capture the packet you need to be listening for a UDP packet on that Address
it would look something like this:
byte[] buf = new byte[256];
DatagramSocket socket = new DatagramSocket(4444);
DatagramPacket packet = new DatagramPacket(buf, buf.length);
socket.receive(packet);
then you just have to do what you want with the buf array
I'm not to sure about the RTP Header I'm working on that as well.. so if I find anything I will let you know. -
Capturing RTP sent by JMF with Wireshark
The post was originally at http://forums.sun.com/thread.jspa?threadID=5331241.
I am using http://java.sun.com/javase/technologies/desktop/media/jmf/2.1.1/solutions/RTPConnector.html as a template in my program. I see the packets sent back and forth using Wireshark but Wireshark doesnt recognize them as RTP packets but UDP. The original thread had an answer about the payload.
Where is the payload defined in the sample code I am using and how can I change the payload so that Wireshark captures them as RTP? Is it this line:
ContentDescriptor cd = new ContentDescriptor(ContentDescriptor.RAW_RTP); If yes, what should I change it to? Also, I took a look at Wireshark and you can force the UDP packets to decode as RTP but it is not very feasible.
Thanks.If you need the custom RTPConnector to send out UDP packets that show up as RTP packets, I'd recommend reposting the question to the networking forum. That's more of a networking question than it is a JMF one.
-
How to use jmf convert the rtp packet (captured by jpcap) in to wav file?
I use the jpcap capture the rtp packets(payload: ITU-T G.711 PCMU ,from voip)
and now I want to use JMF read those data and convert in to wav file
How to do this? please help mepedrorp wrote:
Hi Captfoss!
I fixed it but now I have another problem. My application send me this message:
Cannot initialize audio renderer with format: LINEAR, Unknown Sample Rate, 16-bit, Mono, LittleEndian, Signed
Unable to handle format: ALAW/rtp, Unknown Sample Rate, 8-bit, Mono, FrameSize=8 bits
Failed to prefetch: com.sun.media.PlaybackEngine@1b45ddc
Error: Unable to prefetch com.sun.media.PlaybackEngine@1b45ddc
This time the fail is prefetching. I have no idea why this problem is. Could you help me?The system cant play an audio file / stream if it doesn't know the sample rate...somewhere along the way, in your code, the sample rate got lost. Sample rates are highly important, because they tell the system how fast to play the file.
You need to go look through your code and find where the sample rate information is getting lost... -
Capturing RTP with Wireshark sent by JMF
I have a JMF program (based on http://java.sun.com/javase/technologies/desktop/media/jmf/2.1.1/solutions/RTPConnector.html) which does peer to peer RTP transmission. I see the packets sent back and forth using Wireshark but Wireshark doesnt recognize them as RTP packets but UDP. On another forum someone said it is because Wireshark does not recognize the the payload.
Any idea wow can I make Wireshark recognize the stream as RTP?
Thanks in advance.
PS, Original thread was at http://forums.sun.com/thread.jspa?threadID=5430151As a sidenote, the OP is handling the transmission of the pre-packetized RTP data manually...which means it's going into the payload as if it's just regular binary data, without any special handling on the networking side...
-
How to Enable IP Accounting or capture packets in Cisco ASA 5510 (8.2)
Hi All,
How to Enable IP Accounting or capture packets in Cisco ASA 5510 (8.2)
Thanks
RoopeshHi Roopesh,
Please go through this document for detailed documentation on captures:
https://supportforums.cisco.com/docs/DOC-17814
Hope that helps.
Thanks,
Varun Rao
Security Team,
Cisco TAC -
Cisco 4500X Wireshark capture to usb not working
Hi, I am Ashley and i am testing the Cisco 4500X using wireshark capture. advanced ip services IOS.
The capture runs fine when storing the wireshark file on the bootflash. No worries.
But when i configure the destination as USB0 my pendrive, it fails.
The usb device is fine and is writable. I tested it by copying from bootflash to usb0:
Followed the instructions in the config guide.
It still fails.
Can someone please help.
Thanks,But when i configure the destination as USB0 my pendrive, it fails.
Could be a bug but I wouldn't recommend configuring the destination as your USB drive because no one has the same luxury as you to have the USB sit there all the time.
Store to the flash and transfer to USB is probably the best solution. -
Strange Wireshark Capture XR Span
Good afternoon. I am working on Inter-op with a brocade CER and an ASR 9001 and I am running into an issue getting ISIS adjacency up. I was able to solve this on our other systems by paying close attention to wireshark captures of the authentication of Hello and LSP adjacency.
However, when mirroring on the XR, I am getting some strange output. Here is my config:
monitor-session BROCADE ethernet
destination interface GigabitEthernet0/0/0/2
interface GigabitEthernet0/0/0/10
description UPLINK TO BOTTOM BROCADE ETHERNET 2
ipv4 address 10.9.0.94 255.255.255.252
monitor-session BROCADE ethernet
negotiation auto
Here is a screenshot of the packet capture:
http://goo.gl/7xDLxwHere is the brocade side:
router isis
net 49.0002.0100.0900.0200.00
auth-mode cleartext level-2
auth-key "********" level-2
bfd all-interfaces
log adjacency
log invalid-lsp-packets
set-overload-bit on-startup 30
address-family ipv4 unicast
default-metric 200
metric-style wide
exit-address-family
address-family ipv6 unicast
exit-address-family
interface ethernet 1/2
port-name P2P to West 9001
enable
route-only
ip router isis
ip address 10.9.0.93/30
isis auth-mode cleartext
isis auth-key "********"
isis circuit-type level-2
isis ipv6 metric 200
isis metric 200
isis point-to-point
Here is the Cisco side:
router isis lab
set-overload-bit on-startup 30
net 49.0002.0100.0900.0197.00
nsf ietf
lsp-gen-interval maximum-wait 30000 initial-wait 30000 secondary-wait 30000
lsp-password text encrypted 130232020F3901130F1D0C356205373D11362B425A level 2
address-family ipv4 unicast
metric-style wide
metric 16000000
ispf
default-information originate
address-family ipv6 unicast
metric-style wide
metric 16000000
interface Loopback0
passive
circuit-type level-2-only
address-family ipv4 unicast
metric 200
interface GigabitEthernet0/0/0/10
circuit-type level-2-only
point-to-point
hello-password text encrypted 121E2007163E093D0E12002E641206290023291555
address-family ipv4 unicast
metric 200
I have not disabled ISIS authentication because although it is a lab others are working in it and would interrupt some of what they are doing.
So far in the wireshark it looks like I can see hellos from the Cisco, but not from the brocade. Perhaps I am on the wrong support forums? :) -
I've come across a strange issue with a Cisco RVS4000 router, firmware V2.0.2.7
First of all, ALG is turned off in the router! The RTP port range 10001-10999 is forwarded to the PBX internal IP.
A PBX sitting behind NAT with ports forwarded establishes a given incoming call with a SIP trunk provider. Packet sniffs have shown the PBX and Trunk agree on given IP's and port numbers in Session Description Protocol for the conversation. The PBX behaves as you would expect, sending the audio from the agreed ports: PBX PrivateIP/Port(10202) --> Trunk PublicIP/Port(53544).
The strangeness sets in when the packets come out of the WAN side of the router. The call setup is identical however, the first 10 RTP packets are changed to appear to come from a different port: PBX PublicIP/Port(51062) --> Trunk PublicIP/Port(53544).
The remaining RTP packets after the first 10 come from the correct port: PBX PublicIP/Port(10202) --> Trunk PublicIP/Port(53544).
The SIP trunk provider sends audio in the reverse direction: Trunk PublicIP/Port(53544) --> PBX PublicIP/Port(51062)
However, the incoming audio works and arrives at the PBX on port 10202 - therefore the router is obviously applying NAT to those packets.
The result is that the SIP trunk provider ignore all RTP packets after the first 10 (and thus one-way audio from the trunk to the PBX) because their system accepted the first 10 from the "wrong" port and therefore ignores the remaining packets coming from the "right" port.
To make things even stranger, the router behaves properly on subsequent calls. The issue usually only appears after a long period without incoming calls (> 30 min.)
Business telephones in Calgary
www.atcomsystems.caI wish to put the time of my computer...or have you any other idea to generate timestamp?
-
How to prioritize RTP Packets for VOIP Audio on RV180
Hi There,
I'm a relative newbie to more advanced networking but have managed to get our small office IP PBX running over a SIP Trunk. The only real problem we are having is choppy outgoing audio when there is other heavy outgoing traffic on the network.
My understanding is that I need to set some QoS parameters, which I have played with but it didn't seem to help much. I mostly dealt with allocating bandwidth. I now think I need to somehow prioritize the outgoing RTP packets from our PBX (which runs on a PC on our LAN) to help avoid the choppy audio. My research shows this can maybe be done with something called DSCP 46 and my router does support that -- I'm just a little confused on how to exactly set the configuration.
Our router is a Cisco rv180w. I'm thinking it should be pretty straightforward, but any guidance would be appreciated (and feel free to let me know if I'm barking up the entirely wrong tree, too!)
Thanks so much.OK, thank you. So specifically -- if I want to prioritize all of the RTP traffic flowing out through the router, can I do it ALL with just COS and not set any QoS, profile binding etc?
So far I have enabled the COS Queue, left the default settings (where COS Priorities 6 and 7 are set to highest), then on the COS to DSCP page I have entered the value 46 into the Priority 6 and 7 boxes. All the rest I left at 0.
Unfortunately this didn't seem to solve the issue. The way I have been testing is to call our PBX from an outside line, then put myself on hold so I can hear the hold music (effectively an audio stream from the PBX server). Then I listen carefully while I run a bandwidth test from speedtest.net.
During the download test the audio (music on hold) is pretty smooth. But during the upload test (lots of data flowing outbound) the audio gets very choppy. The COS settings I've tried don't seem to improve or even change that
I assume I'm doing something wrong and/or need to involve QoS somehow?
- Keith -
How to send RTP packet through SIP Dialog
Hello there !
I work on a Java softphone which use JMF and Jain-SIP. I know JMF is "old" but I think it would be simple to capture and transmit RTP audio. So, my SIP dialog is working, I can send text messages but now, I would like to send RTP with this SIP session. I know I have to send SDP messages for codec convenience but then, what is the MediaLocator for RTP packet ? Only SIP User Agent IP or something else ?
I also accept all ressources that can help me achieve my work :)I have no idea how SIP works, but, RTP packets go to an IP:PORT... theoretically, in the SIP phonecall setup, I'd imagine you'd have to be given the address to send RTP packets to the remote phone. Or perhaps the port is already well-defined by the SIP standard.
Either way, you should have a way of knowing / finding out which PORT to send to for your SIP call, either from the call setup or the SIP standard itself. -
Configuring the SSRC of RTP packets.
Hello.
Can I configure a Voice Gateway to set the SSRC, of all RTP packets commong from it, to a constant value, that I will define ?
Thanks.check the below link for setting up the parameters in SSRC
http://www.cisco.com/en/US/products/hw/gatecont/ps3869/products_configuration_guide_chapter09186a0080201239.html -
Hi,
I need to stream audio and/or video to a PDA device. There is a trick here which is:
The PDA must receive the stream from a multicast address. For this I have implemented a Bridge application which joins the multicast group on behalf of the PDA and receives the Multicast RTP packets (which are sent from JMStudio) and Unicasts them to the PDA.(HP iPAQ) I had no problem implementing this. The streaming is done using JMStudio player which encodes the streaming audio data into a number of encodings (DVI/RTP in my case). I choose DVI/RTP and stream a .wav audio file.
Now I have to accept the packets and play the stream on the PDA.
The j2me application receives all the RTP packets successfully and I can extract usefull information from the packets such as: Timestamp, sequence number, payload type. The payload type is 5 which means it is a DVI4 encoding.
I use the following method to decode the samples:
public int decode(Object state, byte[] input, int inp, int len, short[] output, int outp) {
int sign;
int delta;
int vpdiff;
//int valprev = audio.Convert.byte2short(input, inp);
//int index = input[inp + 2];
int valprev=0,index=0;
int inputbuffer = 0;
int bufferstep = 0;
valprev = input[0] <<8;
valprev |= input[1] &0xff;
index = input[2] &0xff;
if ( index < 0 ) index = 0;
else if ( index > 88 ) index = 88;
int step = stepsizeTable[index];
inp += 4;
len = (len - 4) * 2;
int count = len;
while(count-- > 0) {
if ( 0 == bufferstep ) {
inputbuffer = input[inp++];
delta = (inputbuffer >> 4) & 0xf;
bufferstep = 1;
} else {
delta = inputbuffer & 0xf;
bufferstep = 0;
index += indexTable[delta];
if ( index < 0 ) index = 0;
else if ( index > 88 ) index = 88;
sign = delta & 8;
delta = delta & 7;
vpdiff = step >> 1;
if ( (delta & 4) == 4 ) vpdiff += (step << 2);
if ( (delta & 2) == 2 ) vpdiff += (step << 1);
if ( (delta & 1) == 1 ) vpdiff += step;
vpdiff >>= 2;
if ( 0 != sign )
valprev -= vpdiff;
else
valprev += vpdiff;
if ( valprev > 32767 )
valprev = 32767;
else if ( valprev < -32768 )
valprev = -32768;
step = stepsizeTable[index];
output[outp++] = (short) valprev;
((AdpcmState)state).valprev = valprev;
((AdpcmState)state).index = index;
return len;
which stores the result into a short[] array.
I then convert this short[] array into a byte[] array with the following way:
s is the short[] array
adp is the byte array
for(int g=0,k=0;g<s.length;g++,k=k+2){
audio.Convert.short2byte(s[g],adp,k);
public static void short2byte(short ival, byte b[], int offset) {
int i;
int bits = 16;
for(i = 0; i >< 2; i++) {
bits -= 8;
b[offset + i] = (byte) ((ival >> bits) & 0xff);
The final result is loaded to the player as follows:
ByteArrayInputStream input1 = new ByteArrayInputStream(adp);
player = Manager.createPlayer(input1, "audio/x-wav");//create new player
player.addPlayerListener(this);
player.prefetch();
player.realize();
player.start();
The player begins to play but I only get horrible sounds instead of the original wave file
The player now initializes ok without any problem but I can only hear a meesed up sound rather than the original. So now I strongly believe that the problem is in the decoding of the samples of the DVI/RTP codec.thesti wrote:
how JMF deal with RTP packet loss? since my application doesn't handle anything due to RTP packet loss, i believe that JMF has a mechanism to deal with it.It "deals" with it by having a blank spot in the rendering where that packet would have gone... -
Packet sniffer only picks up UDP and no RTP packets when using JMF???
Hi,
I am developing a voice mail application to interface with asterisk. Here is the problem.
I am using ethereal packet sniffer to sniff the packets. When I connect two regular SIP phones and sniff , I can sniff the RTP packets.
But when I use JMF AVtransmit2.java and AVReceive2.java I sniff only UDP packets and no RTP packets.
I am very confused. What is going on? If JMF sends over RTP (that uses UDP underneath), then why cannot packet sniffers detect it.Hi,
I am developing a voice mail application to interface with asterisk. Here is the problem.
I am using ethereal packet sniffer to sniff the packets. When I connect two regular SIP phones and sniff , I can sniff the RTP packets.
But when I use JMF AVtransmit2.java and AVReceive2.java I sniff only UDP packets and no RTP packets.
I am very confused. What is going on? If JMF sends over RTP (that uses UDP underneath), then why cannot packet sniffers detect it. -
How to read sequence numbers from RTP packets
hi everyone.
i want to know how to read sequence numbers of RTP packets. I will need that to reconstruct my stream from packet losses.
URGENT Help needed!!The StreamTokenizer parses all numbers into only one type of value, a double. If you know that all the numeric values in the file will be integers, you could just cast the nval double field to an int and the toString() method will format it correctly.
If you want to have different tokens and value types for different kinds of numbers, you will have to sub-class StreamTokenizer and add these capabilities yourself. You can add the type constant TT_INT, and provide an int field named ival. The toString() method would then format the value in the correct manner.
If, on the other hand, you are actually looking for the exact text that was parsed, you could add code that collects the characters as they are parsed for any token type into the sval field in the nextToken() method, just like it already does when the token is a TT_WORD. In this manner sval is always valid for any token type.
I hope you find this of some help.
Maybe you are looking for
-
Bootcamp on Macbook Air: USB not possible?
Hi all, I am currently trying to install Windows 7 on my Macbook Air (Late 2010, running with OS X 10.10.3). Since the macbook air doesn't have a DVD-drive, bootcamp should provide the possibility to create a bootable version of Windows on an USB-Dri
-
hello friends. where should i get the Terminal name whose making the changes. actually one user change the PO and i want who change this PO i get the User name but I Wants to know on which Terminal that changes was made can i get such detail. Its ver
-
Hi, I have a SOAP callable JCD, which i deploy to an HTTP Authenticated server. We use basic HTTP authentication. Is it possible to obtain the username from the http header from within the JCD? I fear that i might have to use a HTTP eway in some shap
-
Itunes stores pages not displaying/updating graphics -- only gray blanks
Kinda frustrated. Upgraded to latest Itunes (12.0.1) about 2wks ago on my Imac with OSX 10.7.5 Lion. Itunes is performing all functions except no images display at all -- text appears on all the store pages and "my mouse clicks" plays music, and sh
-
SM35: Batch mass processing
Hello Gurus, I have more than 8000 Batch input to process because of the warning message #00349 saying that "Field &1&2 does not exist in the screen &3 &4" (these are batch input for transaction FB01). when I process it in foreground and click on "En