Wireshark-users: [Wireshark-users] RTCP: Filtering SDES items in 'tshark'
From: Martin Thorpe <martinjasonthorpe@xxxxxxxxxxxxxx>
Date: Mon, 7 Nov 2011 17:09:45 +0000
Hi all
 
Hope everyone is well :-)
 
Quick question, I am receiving RTCP packets to a Linux host where I am writing away to MySQL based on several thresholds being reached, I would like to write ALL the SDES 'Text' field information but I can only seem to grab part of it, here is an example of the data that is coming in:
 
 
    Real-time Transport Control Protocol (Source description)
        10.. .... = Version: RFC 1889 Version (2)
        ..0. .... = Padding: False
        ...0 0001 = Source count: 1
        Packet type: Source description (202)
        Length: 23 (96 bytes)
        Chunk 1, SSRC/CSRC 0x2CE7939A
            Identifier: 0x2ce7939a (753374106)
            SDES items
                Type: CNAME (user and domain) (1)
                Length: 26
                Text:
ext123456@10.10.10.10:1234
                Type: PHONE (phone number) (4)
                Length: 5
                Text: 50035
                Type: TOOL (name/version of source app) (6)
                Length: 50
                Text: IP Telephone (IP Telephone Firmware Version)
                Type: END (0)
 
Now using my capture running as follows I only am able to display (using fields) the final piece of text from the SDES items:
 
tshark -i eth0 -o "rtp.heuristic_rtp: TRUE" -R 'rtcp.ssrc.cum_nr >= 50' -V -d udp.port==5005,rtcp -e rtcp.ssrc.fraction -e rtcp.ssrc.jitter -e rtcp.ssrc.cum_nr -e rtcp.sdes.text -e ip.src_host -e rtp.ext -S -T fields -E separator=, -E quote=d
 
Is there anyway to also include the telephone extension number as seen in the 'Text' field above the final 'Text' field??
 
Thanks for your help