[Winpcap-users] VOIP [RTP]

Maria de Fatima Requena MariaF.Requena at a-e.es
Tue Apr 8 06:25:24 GMT 2008


Maybe this can help:

http://www.packetizer.com/ipmc/h323/


María de Fátima Requena Cabot (2488)
+34 91 787 23 00 alhambra-eidos.es
 

-----Mensaje original-----
De: winpcap-users-bounces at winpcap.org [mailto:winpcap-users-bounces at winpcap.org] En nombre de TORKHANI Wajdi
Enviado el: martes, 08 de abril de 2008 0:13
Para: winpcap-users at winpcap.org
Asunto: Re: [Winpcap-users] VOIP [RTP]

Hello,

I think that i must search in H.323 side  but i don't how ! (I think that 
H.323 use TCP)
What's the structure of H323 packet ?
In H.323 packet can i find all details about communication like phone number 
(...) ?
Please have you some code, some example ?

Thank you so much.

----- Original Message ----- 
From: "TORKHANI Wajdi" <wajdi.torkhani at laposte.net>
To: <winpcap-users at winpcap.org>
Sent: Monday, April 07, 2008 5:54 PM
Subject: Re: [Winpcap-users] VOIP [RTP]


> Hi,
>
> "UDP".
>
>
>
> ----- Original Message ----- 
> From: "Maria de Fatima Requena" <MariaF.Requena at a-e.es>
> To: <winpcap-users at winpcap.org>
> Sent: Monday, April 07, 2008 8:16 AM
> Subject: RE: [Winpcap-users] VOIP [RTP]
>
>
>> Which protocol are you sniffing?
>>
>>
>> María de Fátima Requena Cabot (2488)
>> +34 91 787 23 00 alhambra-eidos.es
>>
>>
>> -----Mensaje original-----
>> De: winpcap-users-bounces at winpcap.org
>> [mailto:winpcap-users-bounces at winpcap.org] En nombre de TORKHANI Wajdi
>> Enviado el: sábado, 05 de abril de 2008 0:00
>> Para: winpcap-users at winpcap.org
>> Asunto: Re: [Winpcap-users] VOIP [RTP]
>>
>> Thank you so much it work !!
>> To convert the two file i use lame(from sourceforge) and to mix it is use
>> sox (from sourceforge).
>> Thank you so much i am so happppppppyyy :)
>> But, now i need to know:
>> 1- How can i detect the end of call ?
>> 2- How can i get some details about communication like phone number (...)
>> ?
>>
>> Thank you Thank you Thank you Thank you
>>
>> ----- Original Message ----- 
>> From: "Camiel Vanderhoeven" <iamcamiel at gmail.com>
>> To: <winpcap-users at winpcap.org>
>> Sent: Thursday, April 03, 2008 9:05 PM
>> Subject: Re: [Winpcap-users] VOIP [RTP]
>>
>>
>>> Hello Wajdi,
>>>
>>> You should record each direction into a separate file, so you get two
>>> files; have you done this? If you record every packet you get into a
>>> single file, it will become a mess. Once you have the two files,
>>> convert both files to wav, and then use another program to mix them
>>> together.
>>>
>>> Camiel.
>>>
>>> On Mon, Mar 31, 2008 at 11:31 AM, TORKHANI Wajdi
>>> <wajdi.torkhani at laposte.net> wrote:
>>>>
>>>>
>>>>
>>>> Hi,
>>>> please help me :(
>>>> i don't know where to go, or what to search, so any suggestions .
>>>> Let's go step by step :
>>>> If i record in one direction the voice run quickly !!
>>>> But when it recorded in both directions; there is a noise on the
>>>> packets!!
>>>> (I used a linear list to sort the recived packet by the timestamp and
>>>> then
>>>> store it in a binary file)
>>>>
>>>> Thank you.
>>>>
>>>> ----- Original Message -----
>>>> From: Maria de Fatima Requena
>>>> To: winpcap-users at winpcap.org
>>>> Sent: Tuesday, March 18, 2008 9:09 AM
>>>> Subject: RE: [Winpcap-users] VOIP [RTP]
>>>>
>>>>
>>>>
>>>>
>>>> Just like you use lame, there are other programs to mix two files (with
>>>> a
>>>> little help of google I'm sure you will find the best for you)
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> María de Fátima Requena Cabot (2488)
>>>> +34 91 787 23 00 alhambra-eidos.es
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> De: winpcap-users-bounces at winpcap.org
>>>> [mailto:winpcap-users-bounces at winpcap.org] En nombre de TORKHANI Wajdi
>>>> Enviado el: lunes, 17 de marzo de 2008 23:52
>>>> Para: winpcap-users at winpcap.org
>>>> Asunto: Re: [Winpcap-users] VOIP [RTP]
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Thank you so much
>>>>
>>>> After 4 weeks I can finally to hear the voice,
>>>> But now I have another problem!
>>>> If i record only one direction the sound run very quickly and if record
>>>> both
>>>> direction (in one file) i have a very very very bad quality of voice
>>>> !!!!
>>>>
>>>> 1-I record the payload in a binary file:
>>>>
>>>>
>>>>
>>>> Code:
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> void rawfile(unsigned char * payload,FILE *f){
>>>> fwrite(payload, 10,1,f);  //10 :because audio data is packed into 80
>>>> bits
>>>> (10 bytes)
>>>> }
>>>>
>>>>
>>>>
>>>> 2- I decode the binary file by using voiceage G729, which gives me a
>>>> file
>>>> :
>>>> "16-bit mono PCM speech data sampled at 8000 Hz"
>>>>
>>>> 3- convert PCM file into wav by using Lame with:
>>>> lame --decode -x -r -s 8000 -m m -b 16 file.pcm file.wav
>>>>
>>>> Is it correct ?!
>>>>
>>>>
>>>> If i create two file one for each direction how can i mix them later ?
>>>>
>>>>
>>>> thank you so much
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ----- Original Message -----
>>>>
>>>>
>>>> From: Maria de Fatima Requena
>>>>
>>>>
>>>> To: winpcap-users at winpcap.org
>>>>
>>>>
>>>> Sent: Monday, March 17, 2008 8:26 AM
>>>>
>>>>
>>>> Subject: RE: [Winpcap-users] VOIP [RTP]
>>>>
>>>>
>>>>
>>>>
>>>> RTP packets can be captured on two streams (one for each direction), 
>>>> and
>>>> later you can mix them. I think raw files doesn't need a header, but 
>>>> you
>>>> can
>>>> use programs to open your streams specifying a certain format
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> María de Fátima Requena Cabot (2488)
>>>> +34 91 787 23 00 alhambra-eidos.es
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> De: winpcap-users-bounces at winpcap.org
>>>> [mailto:winpcap-users-bounces at winpcap.org] En nombre de TORKHANI Wajdi
>>>> Enviado el: jueves, 13 de marzo de 2008 20:49
>>>> Para: winpcap-users at winpcap.org
>>>> Asunto: Re: [Winpcap-users] VOIP [RTP]
>>>>
>>>>
>>>>
>>>>
>>>> Hello,
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Does any one know how can i create a bitstream seems the (.raw) file
>>>> exported by ethreal (seems the output file of rtpdum.exe) ?
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Thank you,
>>>>
>>>>
>>>>
>>>> ----- Original Message -----
>>>>
>>>>
>>>> From: TORKHANI Wajdi
>>>>
>>>>
>>>> To: winpcap-users at winpcap.org
>>>>
>>>>
>>>> Sent: Wednesday, March 12, 2008 12:09 AM
>>>>
>>>>
>>>> Subject: Re: [Winpcap-users] VOIP [RTP]
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> thank you so so much :)
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> I took your advice and I solved the problem number 3 :
>>>>
>>>>
>>>> _______________________________________
>>>>
>>>>
>>>> I- change Structure RTP header :
>>>>
>>>>
>>>> struct rtphdr{
>>>>
>>>>
>>>>  unsigned short CSRC_count:4;  // CSRC count
>>>>  unsigned short extension:1;   // header extension flag
>>>>  unsigned short padding:1;   // padding flag
>>>>  unsigned short ver:2; // protocol version
>>>>  unsigned short Payload:7;  // payload type
>>>>  unsigned short Marker:1;   // marker bit
>>>>  unsigned short Sequence;   // sequence number
>>>>  unsigned int Timestamp;   // timestamp
>>>>  unsigned int SSRC;   // synchronization source
>>>>  //unsigned int csrc[1];  // optional CSRC list
>>>>
>>>>
>>>> };
>>>>
>>>>
>>>> _________________________
>>>>
>>>>
>>>> II- replace : sizeof(struct iphdr) by (ip->ihl * 4)
>>>>
>>>>
>>>> rtp=(struct rtphdr *)(pkt_data+(sizeof(struct ethhdr)+(ip->ihl *
>>>> 4)+sizeof(struct udphdr)));
>>>>
>>>>
>>>> ________________________
>>>>
>>>>
>>>> III- htons and htonl :
>>>>
>>>>
>>>> fprintf(stdout,"------------------------------------------------------\n");
>>>> fprintf(stdout,"Version      : %d |\r\n",rtp->ver);
>>>> fprintf(stdout,"Padding       : %.5d |\r\n",htons(rtp->padding));
>>>> fprintf(stdout,"Extension       : %.5d |\r\n",htons(rtp->extension));
>>>> fprintf(stdout,"CSRC_count       : %.5d |\r\n",htons(rtp->CSRC_count));
>>>> fprintf(stdout,"Marker       : %.5d |\r\n",htons(rtp->Marker));
>>>> fprintf(stdout,"Payload      : %d |\r\n",rtp->Payload);
>>>> fprintf(stdout,"Sequence Number       : %u 
>>>> |\r\n",htons(rtp->Sequence));
>>>> fprintf(stdout,"Timestamp       : %u |\r\n",htonl(rtp->Timestamp));
>>>> fprintf(stdout,"Synchronization source       : %u
>>>> |\r\n",htonl(rtp->SSRC));
>>>>
>>>>
>>>> _____________________________
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> For the first and second question i will give you more details maybe
>>>> they
>>>> can help  you to help me :P
>>>> 1-I must create a voip sniffer (to capture communication VOIP on the
>>>> LAN)
>>>> and then to convert them into audio format.
>>>> 2-regroup the paquet of a communication together to store it the
>>>> bitstream
>>>> format required by the decoder (voiceage G729).
>>>> I succeeded in :
>>>> preparing a sniffer in C++ (by using the library winpcap) (capture
>>>> network
>>>> traffic,filtre UDP trafic,Read ethernet,ip,udp  and RTP header)
>>>> and  now i'm working on the bulding of the bitstream file.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Thank you,
>>>>
>>>>
>>>> Wajdi TORKHANI
>>>>
>>>>
>>>>
>>>> ----- Original Message -----
>>>>
>>>>
>>>> From: Maria de Fatima Requena
>>>>
>>>>
>>>> To: winpcap-users at winpcap.org
>>>>
>>>>
>>>> Sent: Tuesday, March 11, 2008 8:23 AM
>>>>
>>>>
>>>> Subject: RE: [Winpcap-users] VOIP [RTP]
>>>>
>>>>
>>>>
>>>>
>>>> Maybe the problem is byte order. If you take a look at wireshark
>>>> examples,
>>>> you will see instructions like ntohs, or some ones that apply bit 
>>>> masks,
>>>> that do this change.
>>>>
>>>>
>>>>
>>>> On the other hand, once you have stopped reading packets, you can use
>>>> tools
>>>> to give the streams format. For example goldwave lets you determine the
>>>> type
>>>> of coding you need before opening the file. Anyway, you can manually 
>>>> add
>>>> header format to your files.
>>>>
>>>>
>>>>
>>>> I hope this helps
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> María de Fátima Requena Cabot (2488)
>>>> +34 91 787 23 00 alhambra-eidos.es
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> De: winpcap-users-bounces at winpcap.org
>>>> [mailto:winpcap-users-bounces at winpcap.org] En nombre de Gianluca 
>>>> Varenni
>>>> Enviado el: viernes, 07 de marzo de 2008 18:12
>>>> Para: winpcap-users at winpcap.org
>>>> Asunto: Re: [Winpcap-users] VOIP [RTP]
>>>>
>>>>
>>>>
>>>>
>>>> I'm not an expert about RTP, so I cannot answer questions 1 and 2.
>>>> Regarding
>>>> 3, for sure there's something that "smells" in your code
>>>>
>>>>
>>>> - you are assuming that you are always receiving UDP packets
>>>> encapsulated
>>>> over IPv4. Unless you are filtering the captured packets to make sure
>>>> they
>>>> are IPv4 and UDP, you should check the ethertype and the L3 protocol
>>>> type.
>>>>
>>>>
>>>> - you are assuming that the IP header has a fixed size 
>>>> (...sizeof(struct
>>>> iphdr)...). This is not true. You need to compute the length of the 
>>>> IPv4
>>>> header by looking at the first byte in the IP header itself.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Hope it helps
>>>>
>>>>
>>>> GV
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ----- Original Message -----
>>>>
>>>>
>>>> From: TORKHANI Wajdi
>>>>
>>>>
>>>> To: winpcap-users at winpcap.org
>>>>
>>>>
>>>> Sent: Tuesday, March 04, 2008 2:40 PM
>>>>
>>>>
>>>> Subject: [Winpcap-users] VOIP [RTP]
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Hi,
>>>>
>>>> I get the rtp packet from winpcap but i have the following problem:
>>>>
>>>> 1-how to regroup the paquet of a communication together to store it and
>>>> apply the CODEC(G.729A)?
>>>> 2-how detect the end of call ?!
>>>> 3-I have a problem with reading the RTP header, below a part of my
>>>> source
>>>> code :
>>>> ------------------
>>>>
>>>>
>>>>
>>>> Code:
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> struct rtphdr{
>>>>
>>>> unsigned short ver:2 ;
>>>> unsigned short padding:1;
>>>> unsigned short extension:1 ;
>>>> unsigned short CSRC_count:4 ;
>>>> unsigned short Marker:1 ;
>>>> unsigned short Payload :7 ;
>>>> unsigned short Sequence ;// 16 bits
>>>> unsigned int Timestamp;//32 bits
>>>> unsigned int SSRC  ;//32 bits
>>>> };
>>>>
>>>>
>>>> --------------------
>>>> Code:
>>>>
>>>>
>>>> rtp=(struct rtphdr *)(pkt_data+(sizeof(struct ethhdr)+sizeof(struct
>>>> iphdr)+sizeof(struct udphdr)));
>>>>
>>>>
>>>> ---------------------------
>>>>
>>>>
>>>> Code:
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> fprintf(stdout,"------------------------------------------------------\n");
>>>> fprintf(stdout,"Version      : %d |\r\n",rtp->ver);
>>>> fprintf(stdout,"Padding       : %.5d |\r\n",htons(rtp->padding));
>>>> fprintf(stdout,"Extension       : %.5d |\r\n",htons(rtp->extension));
>>>> fprintf(stdout,"CSRC_count       : %.5d |\r\n",htons(rtp->CSRC_count));
>>>> fprintf(stdout,"Marker       : %.5d |\r\n",htons(rtp->Marker));
>>>> fprintf(stdout,"Payload      : %.5d |\r\n",htons(rtp->Payload));
>>>> fprintf(stdout,"Sequence Number       : %.5d
>>>> |\r\n",htons(rtp->Sequence));
>>>> fprintf(stdout,"Timestamp       : %.5d |\r\n",htons(rtp->Timestamp));
>>>> fprintf(stdout,"Synchronization source       : %.5d
>>>> |\r\n",htons(rtp->SSRC));
>>>> ------------------------
>>>> Ethernet,IP and UDP header are correct.
>>>> When i compare the result whith ethreal result i fin that only SSRC is
>>>> correct !
>>>> thank you.
>>>> I'm sorry for my bad english
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> TORKHANI Wajdi
>>>>  ________________________________
>>>>
>>>>
>>>> _______________________________________________
>>>> Winpcap-users mailing list
>>>> Winpcap-users at winpcap.org
>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>>>  ________________________________
>>>>
>>>>
>>>> _______________________________________________
>>>> Winpcap-users mailing list
>>>> Winpcap-users at winpcap.org
>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>>>  ________________________________
>>>>
>>>>
>>>> _______________________________________________
>>>> Winpcap-users mailing list
>>>> Winpcap-users at winpcap.org
>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>>>  ________________________________
>>>>
>>>>
>>>> _______________________________________________
>>>> Winpcap-users mailing list
>>>> Winpcap-users at winpcap.org
>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>>>
>>>>  ________________________________
>>>>
>>>>
>>>> _______________________________________________
>>>> Winpcap-users mailing list
>>>> Winpcap-users at winpcap.org
>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>>>
>>>> _______________________________________________
>>>>  Winpcap-users mailing list
>>>>  Winpcap-users at winpcap.org
>>>>  https://www.winpcap.org/mailman/listinfo/winpcap-users
>>>>
>>>>
>>>
>>> _______________________________________________
>>> Winpcap-users mailing list
>>> Winpcap-users at winpcap.org
>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>>
>>
>> _______________________________________________
>> Winpcap-users mailing list
>> Winpcap-users at winpcap.org
>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>
>> _______________________________________________
>> Winpcap-users mailing list
>> Winpcap-users at winpcap.org
>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>
>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
> 

_______________________________________________
Winpcap-users mailing list
Winpcap-users at winpcap.org
https://www.winpcap.org/mailman/listinfo/winpcap-users



More information about the Winpcap-users mailing list