Wireshark mailing list archives
Re: Problem playing RTP+AMR decoded call
From: Hal Wigoda <hal.wigoda () gmail com>
Date: Wed, 9 Dec 2015 10:04:18 -0600
I think this is hex. On Wed, Dec 9, 2015 at 4:51 AM, Rayed Alrashed <rayed () rayed com> wrote:
I found it! It is using IuUP, for more info check "ETSI TS 125 415" http://www.etsi.org/deliver/etsi_ts/125400_125499/125415/03.01.00_60/ts_125415v030100p.pdf On Fri, Dec 4, 2015 at 4:42 PM, Rayed Alrashed <rayed () rayed com> wrote:Hello, I am trying to decode an RTP call from a pcap file from wireshark sample captures https://wiki.wireshark.org/SampleCaptures, mainly "Mobile Terminating Call(AMR).pcap". When I extracted the RTP payload it didn't match any AMR encoding that I saw in another files, that matched the RFC 4867, and when I tried to inspect the payload using this tshark dump I noticed a pattern of incrementing numbers on the first byte that I couldn't understand, and didn't fit any RFC or specification I came a cross. $ tshark -nr wireshark_mtc.pcap -Y udp.srcport==40002 -T fields -e rtp.payload -d "udp.port==40002,rtp" | cut -c 1-30 *e0*:00:dd:06:16:00:51:67:3c:01: *00*:00:00:96:91:17:16:be:66:79: *01*:00:e1:1c:48:77:24:96:66:79: *02*:00:7d:27:55:00:88:b6:66:79: *03*:00:9d:0a:48:f9:1f:96:66:79: *04*:00:fa:5e:54:fd:1f:b6:66:79: *05*:00:18:c7:48:f5:1f:96:66:79: *06*:00:86:5e:54:fd:1f:b6:66:79: *07*:08:0d:98:00:00:00:00:0c *08*:08:25:a9:00:00:00:00:1c *09*:08:c5:a9:00:00:00:00:1c *0a*:08:59:a9:00:00:00:00:1c *0b*:08:b9:a9:00:00:00:00:1c *0c*:08:dd:a9:00:00:00:00:1c *0d*:08:3d:a9:00:00:00:00:1c *0e*:08:a1:a9:00:00:00:00:1c *0f*:08:41:a9:00:00:00:00:1c Any idea on what kind of format would start with this pattern? Thanks, Rayed___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org ?subject=unsubscribe
-- ----------------- Hal Wigoda Chicago
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Problem playing RTP+AMR decoded call Rayed Alrashed (Dec 04)
- Re: Problem playing RTP+AMR decoded call Rayed Alrashed (Dec 09)
- Re: Problem playing RTP+AMR decoded call Hal Wigoda (Dec 09)
- Re: Problem playing RTP+AMR decoded call Rayed Alrashed (Dec 09)