Comments (11)
sp4rkie
commented on June 12, 2024
if there are no lines like this (with leading 'forward'):
skimming calls:
ex_line open: { tshark -n -r trace.tun0.50 -Y rtp -T fields -e _ws.col.Time -e udp.srcport -e udp.dstport; } 2>&1
forward: 2021-09-11 12:53:40.197583 26424 15662 reverse: 2021-09-11 12:53:41.227208 15662 26424
forward: 2021-09-11 12:54:29.192534 16526 15638 reverse: 2021-09-11 12:54:30.220265 15638 16526
[...]
tshark could not detect any calls. As a result no audio is extracted.
from pcap2audio.
gmagill
commented on June 12, 2024
I am getting the same issue although wireshark analyses and decodes the audio just fine. Please take a look at my capture file. Maybe you can see what is missing. Any tips would be much appreciated.
https://drive.google.com/file/d/17KRy7NEnNQNfHg31fLud3ZYi2t2hXC7S/view?usp=sharing
from pcap2audio.
sp4rkie
commented on June 12, 2024
just had a look at your capture file. It is incomplete since the recording process obviously got no chance to flush all data to the file. Nevertheless one call could be extracted without issues though:
$ git_pcap2audio/pcap2audio -f capture.pcap
skimming calls:
** (process:3883131): WARNING **: 20:58:15.398: Obsolete preference "gui.hex_dump_highlight_style" at line 44 of
/home/toh/.wireshark/preferences (save preferences to remove this warning)
** (process:3883131): WARNING **: 20:58:15.398: Obsolete preference "gui.webbrowser" at line 107 of
/home/toh/.wireshark/preferences (save preferences to remove this warning)
forward: 2022-10-30 11:53:35.566666 29288 5000 reverse: 2022-10-30 11:53:38.853257 5000 29288
tshark: The file "capture.pcap" appears to have been cut short in the middle of a packet.
extracting audio:
0 -> 29288 5000 2022-10-30 11:53:35.566666 [ 377 ] 2022-10-30 11:53:38.853257 [ 10 ]
/tmp/pcap2audio_2022-10-30_11:53:35_m.wav
file '/tmp/pcap2audio_2022-10-30_11:53:35_m.wav' gets generated and is playable
from pcap2audio.
gmagill
commented on June 12, 2024
Do you have a paypal account that I can thank you with?
I am not getting the forward and reverse messages you display. What version are you using?
administrator@asterisk:~/sipp$ tshark -v
TShark (Wireshark) 3.6.2 (Git v3.6.2 packaged as 3.6.2-2)
administrator@asterisk:~/sipp$ tcpdump -V
tcpdump: option requires an argument -- 'V'
tcpdump version 4.99.1
libpcap version 1.10.1 (with TPACKET_V3)
OpenSSL 3.0.2 15 Mar 2022
Here is my result:
administrator@asterisk:~/sipp$ tshark -n -r capture.pcap -Y rtp -T fields -e _ws.col.Time -e udp.srcport -e udp.dstport
0.280040 29288 5000
0.309827 29288 5000
0.339852 29288 5000
0.369833 29288 5000
0.398779 29288 5000
0.428816 29288 5000
0.458846 29288 5000
0.488785 29288 5000
0.518832 29288 5000
0.548869 29288 5000
0.578796 29288 5000
0.608788 29288 5000
0.638853 29288 5000
0.668814 29288 5000
0.698827 29288 5000
0.728864 29288 5000
0.758798 29288 5000
0.788851 29288 5000
0.818840 29288 5000
0.848811 29288 5000
0.878831 29288 5000
0.908782 29288 5000
0.938852 29288 5000
0.968785 29288 5000
0.998781 29288 5000
1.028796 29288 5000
1.058844 29288 5000
1.088816 29288 5000
1.118761 29288 5000
1.148855 29288 5000
1.178803 29288 5000
1.208807 29288 5000
1.238805 29288 5000
1.268804 29288 5000
1.298810 29288 5000
1.328735 29288 5000
1.358825 29288 5000
1.388838 29288 5000
1.418836 29288 5000
1.448861 29288 5000
1.478795 29288 5000
1.509554 29288 5000
1.538785 29288 5000
1.568879 29288 5000
1.598768 29288 5000
1.628816 29288 5000
1.658783 29288 5000
1.688836 29288 5000
1.718846 29288 5000
1.748779 29288 5000
1.778855 29288 5000
1.808776 29288 5000
1.838774 29288 5000
1.878893 29288 5000
1.908804 29288 5000
1.938810 29288 5000
1.968769 29288 5000
1.998825 29288 5000
2.028809 29288 5000
2.058793 29288 5000
2.088807 29288 5000
2.118892 29288 5000
2.148894 29288 5000
2.178818 29288 5000
2.208768 29288 5000
2.238797 29288 5000
2.268789 29288 5000
2.298777 29288 5000
2.328723 29288 5000
2.358738 29288 5000
2.388772 29288 5000
2.418851 29288 5000
2.448841 29288 5000
2.478825 29288 5000
2.508775 29288 5000
2.538841 29288 5000
2.568780 29288 5000
2.598799 29288 5000
2.628822 29288 5000
2.658748 29288 5000
2.688752 29288 5000
2.718809 29288 5000
2.748774 29288 5000
2.778738 29288 5000
2.808790 29288 5000
2.838772 29288 5000
2.868844 29288 5000
2.898788 29288 5000
2.928776 29288 5000
2.958728 29288 5000
2.988759 29288 5000
3.018752 29288 5000
3.048765 29288 5000
3.078752 29288 5000
3.108731 29288 5000
3.138731 29288 5000
3.168770 29288 5000
3.198799 29288 5000
3.228780 29288 5000
3.258774 29288 5000
3.288863 29288 5000
3.318801 29288 5000
3.348738 29288 5000
3.378776 29288 5000
3.408751 29288 5000
3.438713 29288 5000
3.468814 29288 5000
3.498762 29288 5000
3.528728 29288 5000
3.558717 29288 5000
3.566631 5000 29288
3.586763 5000 29288
3.588831 29288 5000
3.606600 5000 29288
3.618756 29288 5000
3.626655 5000 29288
3.646673 5000 29288
3.648748 29288 5000
3.666634 5000 29288
3.678667 29288 5000
3.686637 5000 29288
3.706564 5000 29288
3.706647 5000 29288
3.706688 5000 29288
3.708754 29288 5000
3.738757 29288 5000
3.768779 29288 5000
3.798789 29288 5000
3.828821 29288 5000
3.858731 29288 5000
3.888788 29288 5000
3.918774 29288 5000
3.948819 29288 5000
3.978743 29288 5000
4.008784 29288 5000
4.038726 29288 5000
4.068859 29288 5000
4.098739 29288 5000
4.128847 29288 5000
4.158804 29288 5000
4.188749 29288 5000
4.218776 29288 5000
4.248757 29288 5000
4.278779 29288 5000
4.308794 29288 5000
4.338743 29288 5000
4.368821 29288 5000
4.398877 29288 5000
4.428754 29288 5000
4.458823 29288 5000
4.488818 29288 5000
4.518735 29288 5000
4.548766 29288 5000
4.578766 29288 5000
4.608735 29288 5000
4.638777 29288 5000
4.668839 29288 5000
4.698854 29288 5000
4.728774 29288 5000
4.758753 29288 5000
4.788823 29288 5000
4.818736 29288 5000
4.848754 29288 5000
4.878745 29288 5000
4.908763 29288 5000
4.938744 29288 5000
4.968762 29288 5000
4.998760 29288 5000
5.028805 29288 5000
5.058740 29288 5000
5.088724 29288 5000
5.118764 29288 5000
5.148711 29288 5000
5.178766 29288 5000
5.208877 29288 5000
5.238750 29288 5000
5.268757 29288 5000
5.298746 29288 5000
5.328740 29288 5000
5.358776 29288 5000
5.388781 29288 5000
5.418699 29288 5000
5.448774 29288 5000
5.478830 29288 5000
5.508769 29288 5000
5.538755 29288 5000
5.568727 29288 5000
5.598775 29288 5000
5.628732 29288 5000
5.658708 29288 5000
5.688778 29288 5000
5.718778 29288 5000
5.748776 29288 5000
5.778836 29288 5000
5.808752 29288 5000
5.838745 29288 5000
5.868741 29288 5000
5.898752 29288 5000
5.928770 29288 5000
5.958730 29288 5000
5.988780 29288 5000
6.018756 29288 5000
6.048782 29288 5000
6.078767 29288 5000
6.108731 29288 5000
6.138697 29288 5000
6.168698 29288 5000
6.198775 29288 5000
6.228715 29288 5000
6.258756 29288 5000
6.288707 29288 5000
6.318753 29288 5000
6.348737 29288 5000
6.378736 29288 5000
6.408764 29288 5000
6.438675 29288 5000
6.468699 29288 5000
6.498700 29288 5000
6.528719 29288 5000
6.558676 29288 5000
6.588784 29288 5000
6.618763 29288 5000
6.648759 29288 5000
6.678710 29288 5000
6.708733 29288 5000
6.738690 29288 5000
6.768709 29288 5000
6.798717 29288 5000
6.828679 29288 5000
6.858716 29288 5000
6.888751 29288 5000
6.918662 29288 5000
6.948759 29288 5000
6.978703 29288 5000
7.008769 29288 5000
7.038720 29288 5000
7.068663 29288 5000
7.098789 29288 5000
7.128704 29288 5000
7.158731 29288 5000
7.188714 29288 5000
7.218757 29288 5000
7.248773 29288 5000
7.278742 29288 5000
7.308767 29288 5000
7.338767 29288 5000
7.368713 29288 5000
7.398760 29288 5000
7.428743 29288 5000
7.458766 29288 5000
7.488720 29288 5000
7.518754 29288 5000
7.548708 29288 5000
7.578712 29288 5000
7.608723 29288 5000
7.638705 29288 5000
7.668747 29288 5000
7.698785 29288 5000
7.728773 29288 5000
7.758650 29288 5000
7.788706 29288 5000
7.818737 29288 5000
7.848715 29288 5000
7.878679 29288 5000
7.908637 29288 5000
7.938712 29288 5000
7.968798 29288 5000
7.998727 29288 5000
8.028721 29288 5000
8.058676 29288 5000
8.088679 29288 5000
8.118725 29288 5000
8.148665 29288 5000
8.178743 29288 5000
8.208700 29288 5000
8.238769 29288 5000
8.268764 29288 5000
8.298722 29288 5000
8.328685 29288 5000
8.358714 29288 5000
8.388795 29288 5000
8.418692 29288 5000
8.448731 29288 5000
8.478693 29288 5000
8.508727 29288 5000
8.538723 29288 5000
8.568704 29288 5000
8.598677 29288 5000
8.628720 29288 5000
8.658671 29288 5000
8.688716 29288 5000
8.718671 29288 5000
8.748689 29288 5000
8.778643 29288 5000
8.808705 29288 5000
8.838694 29288 5000
8.868693 29288 5000
8.898709 29288 5000
8.928692 29288 5000
8.958769 29288 5000
8.988718 29288 5000
9.018746 29288 5000
9.048663 29288 5000
9.078667 29288 5000
9.108715 29288 5000
9.138702 29288 5000
9.168667 29288 5000
9.198703 29288 5000
9.228690 29288 5000
9.258680 29288 5000
9.288647 29288 5000
9.318691 29288 5000
9.348705 29288 5000
9.378808 29288 5000
9.408743 29288 5000
9.438702 29288 5000
9.468725 29288 5000
9.498663 29288 5000
9.528671 29288 5000
9.558649 29288 5000
9.588631 29288 5000
9.618636 29288 5000
9.648667 29288 5000
9.678633 29288 5000
9.708635 29288 5000
9.738608 29288 5000
9.768650 29288 5000
9.798640 29288 5000
9.828645 29288 5000
9.858634 29288 5000
9.888658 29288 5000
9.918648 29288 5000
9.948628 29288 5000
9.978622 29288 5000
10.008635 29288 5000
10.038636 29288 5000
10.068651 29288 5000
10.098634 29288 5000
10.128642 29288 5000
10.158696 29288 5000
10.188681 29288 5000
10.218637 29288 5000
10.248693 29288 5000
10.278699 29288 5000
10.308774 29288 5000
10.338716 29288 5000
10.368663 29288 5000
10.398765 29288 5000
10.428734 29288 5000
10.458676 29288 5000
10.488716 29288 5000
10.518618 29288 5000
10.548587 29288 5000
10.578668 29288 5000
10.608670 29288 5000
10.638651 29288 5000
10.668646 29288 5000
10.698664 29288 5000
10.728714 29288 5000
10.758669 29288 5000
10.788668 29288 5000
10.818708 29288 5000
10.848722 29288 5000
10.878650 29288 5000
10.908643 29288 5000
10.938644 29288 5000
10.968610 29288 5000
10.998633 29288 5000
11.028666 29288 5000
11.058634 29288 5000
11.088671 29288 5000
11.118633 29288 5000
11.148653 29288 5000
11.178595 29288 5000
11.208586 29288 5000
11.238599 29288 5000
11.268641 29288 5000
11.298656 29288 5000
11.328696 29288 5000
11.358670 29288 5000
11.388727 29288 5000
11.418728 29288 5000
11.448654 29288 5000
11.478742 29288 5000
11.508635 29288 5000
11.538743 29288 5000
11.568649 29288 5000
11.598612 29288 5000
11.629629 29288 5000
I have also tried tshark version 2.6.20 and also get the same results.
Many thanks for your time.
from pcap2audio.
sp4rkie
commented on June 12, 2024
I'm using Debian Bullseye on all machines around me.
$ dpkg -l | grep tshark
ii tshark 3.4.10-0+deb11u1 amd64 network traffic analyzer - console version
I get the same results as you but with absolute timestamps:
$ tshark -n -r capture.pcap -Y rtp -T fields -e _ws.col.Time -e udp.srcport -e udp.dstport
2022-10-30 11:53:35.566666 29288 5000
2022-10-30 11:53:35.596453 29288 5000
2022-10-30 11:53:35.626478 29288 5000
2022-10-30 11:53:35.656459 29288 5000
2022-10-30 11:53:35.685405 29288 5000
2022-10-30 11:53:35.715442 29288 5000
2022-10-30 11:53:35.745472 29288 5000
2022-10-30 11:53:35.775411 29288 5000
2022-10-30 11:53:35.805458 29288 5000
[...]
your version of tshark prefers relative time stamps as a default why ever. You should play with the '-t' option to fix this.
from pcap2audio.
gmagill
commented on June 12, 2024
Thanks. I have modified your script and added the -t ad option and now I get a similar date format but it is still not producing a .wav file
I am not real good at awk but could the comma in the time format be causing an issue?
tshark -n -r echo-test.pcap -Y rtp -T fields -e _ws.col.Time -e udp.srcport -e udp.dstport -t ad
2022-10-31 14:20:29,677931 29320 15190
2022-10-31 14:20:29,678754 15190 29320
2022-10-31 14:20:29,697728 29320 15190
2022-10-31 14:20:29,698958 15190 29320
2022-10-31 14:20:29,717696 29320 15190
What pattern are you searching for in order to generate this:
forward: 2021-09-11 12:53:40.197583 26424 15662 reverse: 2021-09-11 12:53:41.227208 15662 26424
forward: 2021-09-11 12:54:29.192534 16526 15638 reverse: 2021-09-11 12:54:30.220265 15638 16526
from pcap2audio.
gmagill
commented on June 12, 2024
I solved the issue with a little python script. Perhaps it might be helpful to someone else.
import pyshark
rtp_list = []
cap = pyshark.FileCapture('capture.pcap', display_filter='rtp')
raw_audio = open('capture.raw','wb')
for i in cap:
try:
rtp = i[3]
if rtp.payload:
#print(rtp.payload)
rtp_list.append(rtp.payload.split(":"))
except:
pass
for rtp_packet in rtp_list:
packet = " ".join(rtp_packet)
#print(packet)
audio = bytearray.fromhex(packet)
raw_audio.write(audio)
from pcap2audio.
sp4rkie
commented on June 12, 2024
thanks for your suggestion. How does your tool chain finally look like? You call your script and feed the output to 'pcap2audio'?
from pcap2audio.
gmagill
commented on June 12, 2024
I do a tcpdump just like you and name the file capture.pcap and then I run this script using python. The result is written to a file called capture.raw and that can be converted to a wave file using sox:
sox -t al -c 1 capture.raw capture.wav
from pcap2audio.
sp4rkie
commented on June 12, 2024
ok, seems I have to make my tool more tolerant against variations of tshark versions out there:-)
from pcap2audio.
gmagill
commented on June 12, 2024
Yes, your code is working fine - there just seem to be widely differing versions of tshark depending on which Linux variant you are using. Ubuntu 20.04 und Raspbian do not have the correct version.
from pcap2audio.
Related Issues (2)
- Pcmu HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pcap2audio.