Re: Problem playing RTP+AMR decoded call

[Rayed Alrashed <rayed () rayed com>]

I found it! It is using IuUP, for more info check "ETSI TS 125 415"
http://www.etsi.org/deliver/etsi_ts/125400_125499/125415/03.01.00_60/ts_125415v030100p.pdf

On Fri, Dec 4, 2015 at 4:42 PM, Rayed Alrashed <rayed () rayed com> wrote:

> Hello,
>
> I am trying to decode an RTP call from a pcap file from wireshark sample
> captures https://wiki.wireshark.org/SampleCaptures, mainly "Mobile
> Terminating Call(AMR).pcap".
>
> When I extracted the RTP payload it didn't match any AMR encoding that I
> saw in another files, that matched the RFC 4867, and when I tried to
> inspect the payload using this tshark dump I noticed a pattern of
> incrementing numbers on the first byte that I couldn't understand, and
> didn't fit any RFC or specification I came a cross.
>
> $ tshark -nr wireshark_mtc.pcap -Y udp.srcport==40002 -T fields -e
> rtp.payload -d "udp.port==40002,rtp" | cut -c 1-30
> *e0*:00:dd:06:16:00:51:67:3c:01:
> *00*:00:00:96:91:17:16:be:66:79:
> *01*:00:e1:1c:48:77:24:96:66:79:
> *02*:00:7d:27:55:00:88:b6:66:79:
> *03*:00:9d:0a:48:f9:1f:96:66:79:
> *04*:00:fa:5e:54:fd:1f:b6:66:79:
> *05*:00:18:c7:48:f5:1f:96:66:79:
> *06*:00:86:5e:54:fd:1f:b6:66:79:
> *07*:08:0d:98:00:00:00:00:0c
> *08*:08:25:a9:00:00:00:00:1c
> *09*:08:c5:a9:00:00:00:00:1c
> *0a*:08:59:a9:00:00:00:00:1c
> *0b*:08:b9:a9:00:00:00:00:1c
> *0c*:08:dd:a9:00:00:00:00:1c
> *0d*:08:3d:a9:00:00:00:00:1c
> *0e*:08:a1:a9:00:00:00:00:1c
> *0f*:08:41:a9:00:00:00:00:1c
>
> Any idea on what kind of format would start with this pattern?
>
>
> Thanks,
> Rayed
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe