Wireshark mailing list archives
Re: RTCP: Filtering SDES items in 'tshark'
From: Jaap Keuter <jaap.keuter () xs4all nl>
Date: Wed, 09 Nov 2011 11:26:29 +0100
Hi, That should happen (given an up-to-date tshark version) by using -E OCCURRENCE=A Thanks, Jaap On Mon, 7 Nov 2011 17:09:45 +0000, Martin Thorpe wrote:
Hi all Hope everyone is well :-)
Quick question, I am receiving RTCP packets to a Linux host where
I am writing away to MySQL based on several thresholds being reached, I would like to write ALL the SDES 'Text' field information but I can only seem to grab part of it, here is an example of the data that is coming in:
Real-time Transport Control Protocol (Source description)
10.. .... = Version: RFC 1889 Version (2)
..0. .... = Padding: False
...0 0001 = Source count: 1
Packet type: Source description (202)
Length: 23 (96 bytes)
Chunk 1, SSRC/CSRC 0x2CE7939A Identifier:
0x2ce7939a (753374106)
SDES items Type: CNAME (user and domain)
(1)
Length: 26 Text: ext123456@10.10.10.10:1234 [1] Type: PHONE
(phone number) (4)
Length: 5 Text: 50035 Type: TOOL (name/version
of source app) (6)
Length: 50 Text: IP Telephone (IP Telephone
Firmware Version)
Type: END (0) Now using my capture running as
follows I only am able to display (using fields) the final piece of text from the SDES items:
tshark -i eth0 -o "rtp.heuristic_rtp: TRUE"
-R 'rtcp.ssrc.cum_nr >= 50' -V -d udp.port==5005,rtcp -e rtcp.ssrc.fraction -e rtcp.ssrc.jitter -e rtcp.ssrc.cum_nr -e rtcp.sdes.text -e ip.src_host -e rtp.ext -S -T fields -E separator=, -E quote=d
Is there anyway to also include the telephone extension
number as seen in the 'Text' field above the final 'Text' field??
Thanks for your help OCCURRENCE=F|L|A Links: ------ [1] mailto:ext123456@10.10.10.10:1234
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- RTCP: Filtering SDES items in 'tshark' Martin Thorpe (Nov 07)
- Re: RTCP: Filtering SDES items in 'tshark' Jaap Keuter (Nov 09)
- Re: RTCP: Filtering SDES items in 'tshark' Martin Thorpe (Nov 12)
- Re: RTCP: Filtering SDES items in 'tshark' Martin Thorpe (Nov 15)
- Re: RTCP: Filtering SDES items in 'tshark' Guy Harris (Nov 15)
- Re: RTCP: Filtering SDES items in 'tshark' Martin Thorpe (Nov 16)
- Re: RTCP: Filtering SDES items in 'tshark' Martin Thorpe (Nov 12)
- Re: RTCP: Filtering SDES items in 'tshark' Jaap Keuter (Nov 09)