I'm glad it's working and thanks for the info on voip.<br><br>Couple of comments: (the first 2 aren't important, but the 3rd seems more significant)<br><br>1. <br>I suspect you are <b>NOT </b>concerned with porting your code to another OS or machine<br>
that has different byte order but if you were you need to be careful with bit masks.<br>Here is a "typical" typedef you might see for the ip_header:<br><br><br>#if BYTE_ORDER == LITTLE_ENDIAN<br> u_int ip_hl:4, /* header length */<br>
ip_v:4; /* version */<br>#endif<br>#if BYTE_ORDER == BIG_ENDIAN<br> u_int ip_v:4, /* version */<br> ip_hl:4; /* header length */<br>#endif<br><br>Needless to say if you are getting an ip header of 20 bytes (and not 16) <br>
then your bit masks are in the proper order (for your operating system). <br><br>2. Note:<br>ntohs = "network" to "host" short<br>ntohl = "network" to "host" long<br><br>htons = "host" to "network" short<br>
htonl = you get the idea...<br><br>Anyway, ntohX and htonX really do the same thing, so this is <b>very petty</b>, since you<br>are reading from the network you want to use the "ntoh" set. (you can disregard this<br>
comment, but it is something I'd like to know if I were in your shoes)<br><br>And if you're wondering why there are 2 versions- that seems like a legitimate question to me too.<br><br>Oh yeah, <b>"do the same thing" </b>means swap the byte order -<br>
i.e. 0x12 swapped becomes 0x21. <br>So assuming the host byte order is LITTLE ENDIAN - since the network is BIG ENDIAN<br>then<br>513 = ntohs(258); // 0x21 = ntohs(0x12)<br>513 = htons(258)<br><br>If byte order is the same then <br>
<br>258 = ntohs(258)<br> <br>3. <br>The "htons" (or ntohs) is really a bit alarming on a <b>bit </b>field.<br><br>A structure that is "unsigned short padding : 1" really should have a value of 0 to 1. <br>
<br>Applying ntohs () (on a little endian cpu) will result in a value of 0 or 256, which has to be wrong.<br><br>You have the data in front of you, so if it's working then maybe I'm crazy.<br><br>Anyway good luck and again thanks for the voip info.<br>
<br>john<br><br><br><div class="gmail_quote">On Tue, Mar 11, 2008 at 7:09 PM, TORKHANI Wajdi <<a href="mailto:wajdi.torkhani@laposte.net">wajdi.torkhani@laposte.net</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div vlink="purple" link="blue" bgcolor="white" lang="ES">
<div><font face="Tahoma" size="2">thank you so so much :)</font></div>
<div><font face="Tahoma" size="2"></font> </div>
<div><font face="Tahoma" size="2">I took your advice and I solved the problem number
3 :</font></div>
<div><font face="Tahoma" size="2">_______________________________________</font></div>
<div><font face="Tahoma" size="2">I- change Structure RTP header :</font></div>
<div><font face="Tahoma" size="2">struct rtphdr{</font></div>
<div><font face="Tahoma" size="2"> unsigned short CSRC_count:4; // CSRC count<br>
 unsigned short extension:1; // header extension flag<br>
 unsigned short padding:1; // padding flag<br>
 unsigned short ver:2; // protocol version<br>
 unsigned short Payload:7; // payload type<br>
 unsigned short Marker:1; // marker bit<br>
 unsigned short Sequence; // sequence number<br>
 unsigned int Timestamp; // timestamp<br>
 unsigned int SSRC; // synchronization source<br>
 //unsigned int csrc[1]; // optional CSRC list</font></div>
<div><font face="Tahoma" size="2">};</font></div>
<div><font face="Tahoma" size="2">_________________________</font></div>
<div><font face="Tahoma" size="2">II- replace : sizeof(struct iphdr) by (ip->ihl * 4) </font></div>
<div><font face="Tahoma" size="2">rtp=(struct rtphdr *)(pkt_data+(sizeof(struct ethhdr)+(ip->ihl * 4)+sizeof(struct udphdr)));</font></div>
<div><font face="Tahoma" size="2">________________________</font></div>
<div><font face="Tahoma" size="2">III- htons and htonl :</font></div>
<div><font face="Tahoma" size="2"><div class="Ih2E3d">fprintf(stdout,"------------------------------------------------------\n");<br>
fprintf(stdout,"Version : %d |\r\n",rtp->ver);<br>
fprintf(stdout,"Padding : %.5d |\r\n",htons(rtp->padding));<br>
fprintf(stdout,"Extension : %.5d |\r\n",htons(rtp->extension));<br>
fprintf(stdout,"CSRC_count : %.5d |\r\n",htons(rtp->CSRC_count));<br>
fprintf(stdout,"Marker : %.5d |\r\n",htons(rtp->Marker));<br></div>
fprintf(stdout,"Payload : %d |\r\n",rtp->Payload);<br>
fprintf(stdout,"Sequence Number : %u |\r\n",htons(rtp->Sequence));<br>
fprintf(stdout,"Timestamp : %u |\r\n",htonl(rtp->Timestamp));<br>
fprintf(stdout,"Synchronization source : %u |\r\n",htonl(rtp->SSRC));</font></div>
<div><font face="Arial" size="2">_____________________________</font></div>
<div><font face="Arial" size="2"></font> </div>
<div><font face="Arial" size="2">For the first and second questions I will give you more details; maybe they can help you to help me :P<br>
1- I must create a VoIP sniffer (to capture VoIP communication on the LAN) and then convert it into audio format.<br>
2- Regroup the packets of a communication together to store them in the bitstream format required by the decoder (VoiceAge G729).<br>
I succeeded in:<br>
preparing a sniffer in C++ (using the WinPcap library) (capture network traffic, filter UDP traffic, read Ethernet, IP, UDP and RTP headers)<br>
and now I'm working on building the bitstream file.</font></div>
<div><font face="Arial" size="2"></font> </div>
<div><font face="Arial" size="2"></font> </div>
<div><font face="Arial" size="2">Thank you,</font></div>
<div><font face="Arial" size="2">Wajdi TORKHANI</font></div><font color="#888888">
</font><blockquote style="border-left: 2px solid rgb(0, 0, 0); padding-right: 0px; padding-left: 5px; margin-left: 5px; margin-right: 0px;"><div class="Ih2E3d">
<div style="font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-size-adjust: none; font-stretch: normal;">----- Original Message ----- </div>
<div style="background: rgb(228, 228, 228) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial; font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-size-adjust: none; font-stretch: normal;">
<b>From:</b>
<a title="MariaF.Requena@a-e.es" href="mailto:MariaF.Requena@a-e.es" target="_blank">Maria de
Fatima Requena</a> </div>
<div style="font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-size-adjust: none; font-stretch: normal;"><b>To:</b> <a title="winpcap-users@winpcap.org" href="mailto:winpcap-users@winpcap.org" target="_blank">winpcap-users@winpcap.org</a> </div>
</div><div><div></div><div class="Wj3C7c"><div style="font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-size-adjust: none; font-stretch: normal;">
<b>Sent:</b> Tuesday, March 11, 2008 8:23
AM</div>
<div style="font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-size-adjust: none; font-stretch: normal;"><b>Subject:</b> RE: [Winpcap-users] VOIP
[RTP]</div>
<div><br></div>
<div>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">Maybe
the problem is byte order. If you take a look at wireshark examples, you will
see instructions like ntohs, or some ones that apply bit masks, that do this
change.</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US"> </span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">On
the other hand, once you have stopped reading packets, you can use tools to
give the streams format. For example goldwave lets you determine the type of
coding you need before opening the file. Anyway, you can manually add header
format to your files.</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US"> </span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US">I
hope this helps</span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);" lang="EN-US"> </span></p>
<div>
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="padding: 0cm;">
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"><img alt="http://www.alhambra-eidos.es/CO/11.gif" height="15" width="300"></span><span style="color: rgb(31, 73, 125);"></span></p></td></tr>
<tr>
<td style="padding: 0cm; background: rgb(102, 0, 161) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial; width: 225pt;" width="300">
<p style="text-align: center;" align="center"><b><span style="font-size: 10pt; color: white;">María
de Fátima Requena Cabot (2488)<br>+34 91 787 23 00
<a href="http://alhambra-eidos.es" target="_blank">alhambra-eidos.es</a></span></b><span style="color: rgb(31, 73, 125);"></span></p></td></tr></tbody></table>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<p><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<div>
<div style="border-style: solid none none; border-color: rgb(181, 196, 223) -moz-use-text-color -moz-use-text-color; border-width: 1pt medium medium; padding: 3pt 0cm 0cm;">
<p><b><span style="font-size: 10pt;">From:</span></b><span style="font-size: 10pt;">
<a href="mailto:winpcap-users-bounces@winpcap.org" target="_blank">winpcap-users-bounces@winpcap.org</a> [mailto:<a href="mailto:winpcap-users-bounces@winpcap.org" target="_blank">winpcap-users-bounces@winpcap.org</a>]
<b>On behalf of </b>Gianluca Varenni<br><b>Sent:</b> Friday, March 07, 2008 18:12<br><b>To:</b>
<a href="mailto:winpcap-users@winpcap.org" target="_blank">winpcap-users@winpcap.org</a><br><b>Subject:</b> Re: [Winpcap-users] VOIP [RTP]</span></p></div></div>
<p> </p>
<div>
<p><span style="font-size: 10pt;">I'm not an expert about RTP,
so I cannot answer questions 1 and 2. Regarding 3, for sure there's something
that "smells" in your code</span></p></div>
<div>
<p><span style="font-size: 10pt;">- you are assuming that you
are always receiving UDP packets encapsulated over IPv4. Unless you are
filtering the captured packets to make sure they are IPv4 and UDP, you should
check the ethertype and the L3 protocol type.</span></p></div>
<div>
<p><span style="font-size: 10pt;">- you are assuming that the
IP header has a fixed size (...</span><span style="font-size: 10pt;">sizeof(struct
iphdr)...). This is not true. You need to compute the length of the IPv4
header by looking at the first byte in the IP header
itself.</span></p></div>
<div>
<p> </p></div>
<div>
<p><span style="font-size: 10pt;">Hope it
helps</span></p></div>
<div>
<p><span style="font-size: 10pt;">GV</span></p></div>
<div>
<p> </p></div>
<blockquote style="border-style: none none none solid; border-color: -moz-use-text-color -moz-use-text-color -moz-use-text-color black; border-width: medium medium medium 1.5pt; margin: 5pt 0cm 5pt 3.75pt; padding: 0cm 0cm 0cm 4pt;">
<div>
<p><span style="font-size: 10pt;">----- Original
Message ----- </span></p></div>
<div>
<p style="background: rgb(228, 228, 228) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"><b><span style="font-size: 10pt;">From:</span></b><span style="font-size: 10pt;"> <a title="wajdi.torkhani@laposte.net" href="mailto:wajdi.torkhani@laposte.net" target="_blank">TORKHANI Wajdi</a>
</span></p></div>
<div>
<p><b><span style="font-size: 10pt;">To:</span></b><span style="font-size: 10pt;"> <a title="winpcap-users@winpcap.org" href="mailto:winpcap-users@winpcap.org" target="_blank">winpcap-users@winpcap.org</a>
</span></p></div>
<div>
<p><b><span style="font-size: 10pt;">Sent:</span></b><span style="font-size: 10pt;"> Tuesday, March
04, 2008 2:40 PM</span></p></div>
<div>
<p><b><span style="font-size: 10pt;">Subject:</span></b><span style="font-size: 10pt;"> [Winpcap-users]
VOIP [RTP]</span></p></div>
<div>
<p> </p></div>
<div>
<p><span style="font-size: 10pt;">Hi,<br><br>I get the RTP packets from WinPcap but I have the following problems:<br><br>1- How to regroup the packets of a communication together to store them and apply the CODEC (G.729A)?<br>2- How to detect the end of a call?!<br>3- I have a problem with reading the RTP header; below is a part of my source code:<br>------------------</span></p></div>
<div style="margin: 3.75pt 15pt 15pt;">
<div style="margin-bottom: 1.5pt;">
<p><span style="font-size: 10pt;">Code:</span></p></div>
<div style="margin-bottom: 1.5pt;">
<p> </p></div>
<div style="margin-bottom: 1.5pt;">
<p><span style="font-size: 10pt;">struct rtphdr{<br><br>
unsigned short ver:2 ;<br>
unsigned short padding:1;<br>
unsigned short extension:1 ;<br>
unsigned short CSRC_count:4 ;<br>
unsigned short Marker:1 ;<br>
unsigned short Payload :7 ;<br>
unsigned short Sequence ;// 16 bits<br>
unsigned int Timestamp;//32 bits<br>
unsigned int SSRC ;//32 bits<br>
};</span></p></div>
<div style="margin-bottom: 1.5pt;">
<p><span style="font-size: 10pt;">--------------------<br>Code:</span></p></div>
<div style="margin-bottom: 1.5pt;">
<p><span style="font-size: 10pt;">rtp=(struct rtphdr *)(pkt_data+(sizeof(struct ethhdr)+sizeof(struct iphdr)+sizeof(struct udphdr)));</span></p></div>
<div style="margin-bottom: 1.5pt;">
<p><span style="font-size: 10pt;">---------------------------</span></p></div>
<div style="margin-bottom: 1.5pt;">
<p><span style="font-size: 10pt;">Code:</span></p></div>
<div style="margin-bottom: 1.5pt;">
<p> </p></div>
<div style="margin-bottom: 1.5pt;">
<p><span style="font-size: 10pt;">fprintf(stdout,"------------------------------------------------------\n");<br>
fprintf(stdout,"Version : %d |\r\n",rtp->ver);<br>
fprintf(stdout,"Padding : %.5d |\r\n",htons(rtp->padding));<br>
fprintf(stdout,"Extension : %.5d |\r\n",htons(rtp->extension));<br>
fprintf(stdout,"CSRC_count : %.5d |\r\n",htons(rtp->CSRC_count));<br>
fprintf(stdout,"Marker : %.5d |\r\n",htons(rtp->Marker));<br>
fprintf(stdout,"Payload : %.5d |\r\n",htons(rtp->Payload));<br>
fprintf(stdout,"Sequence Number : %.5d |\r\n",htons(rtp->Sequence));<br>
fprintf(stdout,"Timestamp : %.5d |\r\n",htons(rtp->Timestamp));<br>
fprintf(stdout,"Synchronization source : %.5d |\r\n",htons(rtp->SSRC));</span><br><span style="font-size: 10pt;">------------------------<br>
Ethernet, IP and UDP headers are correct.<br>
When I compare the result with the Ethereal result I find that only SSRC is correct!<br>
Thank you.<br>
I'm sorry for my bad English</span></p></div></div>
<div>
<p> </p></div>
<div>
<p><span style="font-size: 10pt;">TORKHANI
Wajdi</span></p></div>
<div style="text-align: center;" align="center">
<hr align="center" size="2" width="100%">
</div>
<p>_______________________________________________<br>Winpcap-users
mailing
list<br><a href="mailto:Winpcap-users@winpcap.org" target="_blank">Winpcap-users@winpcap.org</a><br><a href="https://www.winpcap.org/mailman/listinfo/winpcap-users" target="_blank">https://www.winpcap.org/mailman/listinfo/winpcap-users</a></p>
</blockquote></div></div>
<p>
</p><hr>
</div></div></blockquote></div>
<br></blockquote></div><br>
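<p>The points raised in this thread (check the EtherType and IP protocol, take the IPv4 header length from the header itself, and do not byte-swap bit-fields), combined in one bounds-checked parser. This is an added example, not code from any of the posters; it assumes untagged Ethernet II framing and unfragmented IPv4, and struct rtp_info, parse_rtp, be16, be32 and the sample frame are constructed for this illustration.</p>

```c
#include <stdint.h>
#include <stdio.h>

struct rtp_info {            /* decoded RTP fixed header (RFC 3550) */
    uint8_t  version, padding, extension, csrc_count, marker, payload_type;
    uint16_t sequence; uint32_t timestamp, ssrc;
};

/* Constructed frame: IPv4 header carries 4 option bytes (IHL=6, 24 bytes). */
static const uint8_t sample_frame[] = {
    0,0,0,0,0,1, 0,0,0,0,0,2, 0x08,0x00,          /* Ethernet II, IPv4     */
    0x46,0,0,44, 0,0,0,0, 64,17,0,0,              /* IHL=6, protocol 17    */
    10,0,0,1, 10,0,0,2, 1,1,0,0,                  /* addresses, options    */
    0x13,0x88, 0x13,0x8A, 0,20, 0,0,              /* UDP 5000 -> 5002      */
    0x80,0x92, 0x01,0x02, 0,0,0,160, 0xDE,0xAD,0xBE,0xEF /* RTP            */
};

/* Network-order reads, byte by byte: same result on any host byte order. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

/* Returns 0 on success, -1 if not IPv4/UDP/RTPv2 or too short for its headers. */
int parse_rtp(const uint8_t *pkt, size_t len, struct rtp_info *out)
{
    size_t off = 14;                                /* Ethernet II header */
    if (len < off + 20 || be16(pkt + 12) != 0x0800) return -1;
    const uint8_t *ip = pkt + off;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;        /* header length field */
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 17) return -1;
    off += ihl;                                     /* not sizeof(struct iphdr) */
    if (len < off + 8 + 12) return -1;              /* UDP + RTP fixed header */
    const uint8_t *rtp = pkt + off + 8;
    out->version      = rtp[0] >> 6;                /* shifts and masks, */
    out->padding      = (rtp[0] >> 5) & 1;          /* not bit-fields    */
    out->extension    = (rtp[0] >> 4) & 1;
    out->csrc_count   = rtp[0] & 0x0F;
    out->marker       = rtp[1] >> 7;
    out->payload_type = rtp[1] & 0x7F;
    out->sequence     = be16(rtp + 2);
    out->timestamp    = be32(rtp + 4);
    out->ssrc         = be32(rtp + 8);
    return out->version == 2 ? 0 : -1;
}

int main(void) {
    struct rtp_info r;
    if (parse_rtp(sample_frame, sizeof sample_frame, &r) != 0) return 1;
    printf("pt=%u seq=%u ssrc=%08x\n", (unsigned)r.payload_type, (unsigned)r.sequence, (unsigned)r.ssrc);
    return 0;
}
```

<p>Because the single-bit flags are extracted from individual bytes, only the 16-bit and 32-bit fields go through a byte-order conversion, and the result does not depend on how the compiler orders bit-fields.</p>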