Ethereal will let you export an rtp stream as a .au file. That's one of the very minor items we cover in our conference series and our VoIP 100 course.
There is a lot more fun to be had when you get into RTP sequence number prediction and RTP stream I injection. -------------------------------------------------- Salvatore Giudice [EMAIL PROTECTED] VoIP Security Training, LLC http://VoIPSecurityTraining.com 848 N. Rainbow Blvd. #1676 Las Vegas, NV 89107 Phone: (617) 959-7625 Fax: (214) 279-2906 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Doug Garstang Sent: Tuesday, May 01, 2007 3:47 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] OT: Capture Asterisk traffic I remember an app called 'vomit' that could allegedly reconstruct audio files from tcpdump pcap files. Salvatore Giudice wrote: > I think you want: > > tcpdump -C 100 -W 10 -w /tmp/tcpdump -i eth1 -s 0 udp dst portrange > 5060-65534 > > > > dst port port > True if the packet is ip/tcp, ip/udp, ip6/tcp or ip6/udp and has a > destination port value of port. The port can be a number or a name used in > /etc/services (see tcp(4P) and udp(4P)). If a name is used, both the port > number and protocol are checked. If a number or ambiguous name is used, only > the port number is checked (e.g., dst port 513 will print both tcp/login > traffic and udp/who traffic, and port domain will print both tcp/domain and > udp/domain traffic). > src port port > True if the packet has a source port value of port. > port port > True if either the source or destination port of the packet is port. > dst portrange port1-port2 > True if the packet is ip/tcp, ip/udp, ip6/tcp or ip6/udp and has a > destination port value between port1 and port2. port1 and port2 are > interpreted in the same fashion as the port parameter for port. > src portrange port1-port2 > True if the packet has a source port value between port1 and port2. > portrange port1-port2 > True if either the source or destination port of the packet is between port1 > and port2. > Any of the above port or port range expressions can be prepended with the > keywords, tcp or udp, as in: > > -------------------------------------------------- > Salvatore Giudice > [EMAIL PROTECTED] > > VoIP Security Training, LLC > http://VoIPSecurityTraining.com > > 848 N. Rainbow Blvd. #1676 > Las Vegas, NV 89107 > Phone: (617) 959-7625 > Fax: (214) 279-2906 > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of CSB > Sent: Tuesday, May 01, 2007 1:32 PM > To: Asterisk Users Mailing List - Non-Commercial Discussion > Subject: [asterisk-users] OT: Capture Asterisk traffic > > I want to capture all my Asterisk traffic (including RTP) and then analyse > it. > > My plan was to use tcpdump and then analyse with Wireshark. The following > works: > tcpdump -i eth0 -s 0 -w /tmp/tcpdump.1 > > But I want to be a bit more selective: > tcpdump -C 100 -W 10 -w /tmp/tcpdump -i eth1 -s 0 udp and dst port >= 5060 > > This doesn't capture the RTP traffic. Could anyone advise what I'm doing > wrong or suggest a better way? > > Thanks > > Cameron > > > _______________________________________________ > --Bandwidth and Colocation provided by Easynews.com -- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > > > _______________________________________________ > --Bandwidth and Colocation provided by Easynews.com -- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > > _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
