How to determine whether a packet is RTP/RTCP?

Posted on 2024-09-02 22:26:35

I am using SharpPCap which is built on WinPCap to capture UDP traffic. My end goal is to capture the audio data from H.323 and save those phone conversations as WAV files. But first things first - I need to figure out what my UDP packets are crossing the NIC.

SharpPCap provides a UdpPacket class that gives me access to the PayloadData of the message. But I am unsure what to do with this data. It's a Byte[] array and I don't know how to go about determining if it's an RTP or RTCP packet.

I've Googled this topic but there isn't much out there. Any help is appreciated.

Comments (4)

酒废 2024-09-09 22:26:35

Look at the definitions for RTP and RTCP packets in RFC 3550:

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|V=2|P|X|  CC   |M|     PT      |       sequence number         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           timestamp                           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           synchronization source (SSRC) identifier            |
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
|            contributing source (CSRC) identifiers             |
|                             ....                              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

I won't reproduce the legend for all of the above - it's quite long - but take a look at Section 5.1.

With that in hand you'll see there's not a lot you can do to determine if a packet contains RTP/RTCP. Best of all would be to sniff, as other posters have suggested, the media stream negotiation. Second best would be some sort of pattern matching over a sequence of packets: the first two bits will be 10, followed by the next two bits being constant, followed by bits 9 through 15 being constant, then 16 -> 31 incrementing, and so on.
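
The pattern matching described in the answer above, as an added Python example that is not part of the original answer: it checks the version bits on each UDP payload, then confirms RTP only when packets sharing an SSRC and payload type carry incrementing sequence numbers. It goes slightly beyond the answer by also recognising the RTCP packet types 200-204 and the RTCP length field from RFC 3550; all function names, thresholds and sample payloads are hypothetical and constructed for illustration.

```python
import struct
from collections import defaultdict
RTCP_TYPES = range(200, 205)  # SR, RR, SDES, BYE, APP (RFC 3550)

def classify(payload: bytes):
    """Single-datagram guess: 'rtcp', 'rtp' or None. Weak evidence on its own."""
    if len(payload) < 8 or payload[0] >> 6 != 2:   # version bits must be 10
        return None
    if payload[1] in RTCP_TYPES:
        # RTCP length = 32-bit words minus one; it has to fit in the datagram.
        words = struct.unpack_from("!H", payload, 2)[0]
        return "rtcp" if (words + 1) * 4 <= len(payload) else None
    cc = payload[0] & 0x0F                         # CSRC count
    return "rtp" if len(payload) >= 12 + 4 * cc else None

def rtp_fields(payload: bytes):
    """Return (payload type, sequence number, SSRC) from the fixed header."""
    _, b1, seq, _ts, ssrc = struct.unpack_from("!BBHII", payload)
    return b1 & 0x7F, seq, ssrc

def find_rtp_streams(payloads, min_packets=5, min_ratio=0.8):
    """Keep (SSRC, PT) groups whose sequence numbers mostly step by one (mod 2**16)."""
    groups = defaultdict(list)
    for p in payloads:
        if classify(p) == "rtp":
            pt, seq, ssrc = rtp_fields(p)
            groups[(ssrc, pt)].append(seq)
    streams = {}
    for key, seqs in groups.items():
        if len(seqs) < min_packets:
            continue
        steps = sum(((b - a) & 0xFFFF) == 1 for a, b in zip(seqs, seqs[1:]))
        if steps / (len(seqs) - 1) >= min_ratio:
            streams[key] = len(seqs)
    return streams

# Constructed sample payloads (not taken from a real capture).
def _rtp(seq, ts, ssrc=0x1234ABCD, pt=0):
    return struct.pack("!BBHII", 0x80, pt, seq, ts, ssrc) + b"\x00" * 160

SAMPLE_RTP = [_rtp((65533 + i) & 0xFFFF, 160 * i) for i in range(10)]  # wraps
SAMPLE_RTCP = struct.pack("!BBHI", 0x80, 200, 6, 0x1234ABCD) + b"\x00" * 20
SAMPLE_OTHER = b"\x12\x34\x01\x00\x00\x01" + b"\x00" * 6   # version bits 00
LOOKALIKE = b"\x80\x63" + b"\xaa" * 30   # passes the header check by chance

if __name__ == "__main__":
    mixed = SAMPLE_RTP + [SAMPLE_RTCP, SAMPLE_OTHER, LOOKALIKE]
    print([classify(p) for p in mixed])
    print(find_rtp_streams(mixed))
```

The LOOKALIKE payload shows why the single-packet check is only a pre-filter: it is labelled "rtp" by `classify` but never forms a stream, so `find_rtp_streams` drops it.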

落花浅忆 2024-09-09 22:26:35

I would look at the packet detectors in Wireshark, which can decode most common protocols available.

甚是思念 2024-09-09 22:26:35

If communications are done over RTSP, take a look at the UDP port that is negotiated upon SETUP.

The UDP port will tell you if it is RTP or RTCP (also worth noting that RTP is usually done over even port numbers and RTCP on odd).

Finally, if you are communicating via RTSP you can take the list of payload numbers from the SDP file from the DESCRIBE and then check the payload type in the RTP header to tell the codec you need to decode the payload.

魄砕の薆 2024-09-09 22:26:35

I believe you need to look at the SIP packets that come before the RTP packets.

There is a discussion on this issue on the Pcap.Net site.
