1

I want to parse only RTP packets from a .pcap file generated by Wireshark, using the libpcap library.
I have seen a number of examples that work on a device to get the packets using libpcap, but I am not able to find any example that can extract specific packets from the .pcap file.

Does anyone know a link to such examples, or does anyone have sample code for doing this?

Thanks.

4

1 Answer

2

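libpcap uses the functions pcap_compile and pcap_setfilter (described here with example code) to filter packets before starting the capture loop. The filter syntax is described in the tcpdump man page.

Filtering RTP packets poses a further challenge, because they are not sent over a standard port and there is no other convenient way to detect the protocol. The port used for RTP is negotiated by the control channel protocol (e.g. SIP) that runs before RTP is set up. This example contains a SIP message in which the rport=5060 line gives the UDP port used for RTP (see below).

Therefore, detecting RTP requires inspecting the SIP protocol packets (or those of another signaling protocol) to find out which RTP port to filter on.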

SIP/2.0 200 OK
Call-ID: 29858147-465b0752@29858051-465b07b2
Contact: pel<sip:35104723@192.168.1.2:5060;line=7d36558f31367051>;q=0.500;expires=1200
CSeq: 6 REGISTER
From: <sip:35104723@sip.cybercity.dk>;tag=659abf
P-Associated-URI: <sip:35104723@sip.cybercity.dk>
To: <sip:35104723@sip.cybercity.dk>;tag=00-04087-1701bae7-76fb74995
Via: SIP/2.0/UDP 192.168.1.2;received=80.230.219.70;rport=5060;branch=z9hG4bKnp6658824-465059f1192.168.1.2
Answered 2011-07-29T13:21:55.353
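Because RTP has no fixed port, a port filter only helps once the negotiated port is known. As an added example (not part of the original answer), the C function below goes one step further and applies the RFC 3550 fixed-header checks to a single captured frame; it is a heuristic that can false-positive on other UDP traffic, assumes Ethernet II/IPv4 framing, and is meant to be called from the handler passed to pcap_loop on a handle opened with pcap_open_offline. The sample frame and its addresses are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: Ethernet II + IPv4 + UDP (20000 -> 20002) + RTP v2, PT 0. */
const uint8_t SAMPLE_RTP_FRAME[58] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x45,0x00,0x00,0x2c, 0x00,0x00,0x40,0x00, 0x40,0x11,0x00,0x00,
    192,168,1,2, 192,168,1,3,
    0x4e,0x20,0x4e,0x22,0x00,0x18,0x00,0x00,
    0x80,0x00,0x00,0x01, 0x00,0x00,0x00,0xa0, 0xde,0xad,0xbe,0xef,
    0xff,0xff,0xff,0xff
};

/* Returns 1 if the frame's UDP payload passes the RTP header sanity checks,
 * 0 otherwise. Every length is validated against caplen before it is used. */
int looks_like_rtp(const uint8_t *pkt, size_t caplen)
{
    if (caplen < 14 + 20 + 8 + 12) return 0;           /* eth + ip + udp + rtp */
    if (pkt[12] != 0x08 || pkt[13] != 0x00) return 0;  /* EtherType IPv4 */

    const uint8_t *ip = pkt + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;           /* IP header length */
    if ((ip[0] >> 4) != 4 || ihl < 20) return 0;
    if (ip[9] != 17) return 0;                         /* protocol must be UDP */
    if ((ip[6] & 0x1f) || ip[7]) return 0;             /* skip later fragments */
    if (caplen < 14 + ihl + 8 + 12) return 0;

    const uint8_t *udp = ip + ihl;
    size_t udplen = ((size_t)udp[4] << 8) | udp[5];    /* UDP header + payload */
    if (udplen < 8 + 12 || 14 + ihl + udplen > caplen) return 0;

    const uint8_t *rtp = udp + 8;
    size_t rtplen = udplen - 8;
    if ((rtp[0] >> 6) != 2) return 0;                  /* RTP version 2 */
    if (rtp[1] >= 200 && rtp[1] <= 204) return 0;      /* RTCP packet types */
    size_t hdr = 12 + 4 * (size_t)(rtp[0] & 0x0f);     /* fixed header + CSRCs */
    if (hdr > rtplen) return 0;
    return 1;
}

int main(void)
{
    printf("sample frame looks like RTP: %d\n",
           looks_like_rtp(SAMPLE_RTP_FRAME, sizeof SAMPLE_RTP_FRAME));
    return 0;
}
```

Installing a "udp" filter with pcap_compile and pcap_setfilter first keeps the handler from seeing non-UDP frames at all; once signaling has revealed the port, the filter can be narrowed to that port.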