wireshark-rtpmon

This is a patched version of Wireshark's source repo, adding a couple of features useful for passive realtime RTP monitoring.

Motivation

When the -z rtp,streams command line option is used, Wireshark collects information about RTP streams it sees on the wire. A report of these stats is printed on the terminal when Wireshark quits.

Even though Wireshark knows what is going on in realtime, it only produces a summary at exit. That is not very useful if you want to see whether, for example, ten minutes ago RTP was experiencing high packet loss or delay.

These limitations have been overcome in the simplest possible way by periodically dumping a few data structures to file.

Everything is pretty much experimental and a GUI is still in the works.

Building

git clone "git@github.com:giuliano108/wireshark-rtpmon.git"
./autogen.sh
mkdir build
cd build
export CFLAGS="-D_GCRYPT_IN_LIBGCRYPT=1"
../configure --disable-wireshark --enable-tshark --enable-rtpmon
make

export CFLAGS="-D_GCRYPT_IN_LIBGCRYPT=1" should only be needed on Mac OS, where GCrypt warnings otherwise prevent Wireshark from being built successfully.

Usage

Invoke tshark as you'd normally do:

# ./tshark -i eth1 -q -M qpath=~/rtpmon

Here are the additional command line options:

# ./tshark --help
[..]
RTP monitor:
  -M <key=value,..>        Enables the passive RTP monitor/stats collector.
                           Options take the form of key=value pairs.
                           Use a comma to separate multiple options.
    qpath=/tmp
        Statistics will be stored in the given path ("/tmp" by default).
        Multiple files, named "rtpmon-00000.bin", will be created.
        "rtpmonlast.txt" will contain the index to the last dumped sample.
        Each file is a sample of the "rtpstream_tapinfo_t" data structure
        (see "ui/cli/tap-rtp.c").
    qlen=600
        Keep (by default) 600 samples.
        That's 10 minutes worth of data at 1000 ms dump interval.
    dump-interval=1000
        Dump RTP statistics (by default) every 1000 milliseconds.
        Because timing is checked only as new RTP packets arrive, files
        might not get written at exact intervals.
[..]

Using the data produced by wireshark-rtpmon

  • Run ./tshark -M describe-output and check which structures are being dumped.
  • Have a look at Wireshark's sources and decide which information you need.
  • Decode the files and do something with them.
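Before decoding any sample, you need to know which of the qlen ring-buffer files is the oldest and which is the newest, and roughly when each was written. The following Python helper is an added example, not code from wireshark-rtpmon: it reads rtpmonlast.txt (assumed here to contain the decimal index of the last dumped sample), walks the ring buffer "rtpmon-NNNNN.bin" in chronological order, and picks the sample closest to a given point in the past using the file mtime rather than a fixed dump-interval, because dumps only happen as RTP packets arrive and so are not evenly spaced. The fixture directory it builds is constructed for the demo; the files are empty and only their names and mtimes matter.

```python
import os
import tempfile
from pathlib import Path

# Hypothetical helper, not part of wireshark-rtpmon. Assumption: rtpmonlast.txt
# holds the decimal index of the most recently written "rtpmon-NNNNN.bin" slot.

def sample_path(qpath, index):
    # Files are named like "rtpmon-00000.bin" (five zero-padded digits).
    return Path(qpath) / f"rtpmon-{index:05d}.bin"

def read_last_index(qpath):
    # Index of the last dumped sample, as written by tshark (assumed decimal).
    return int((Path(qpath) / "rtpmonlast.txt").read_text().strip())

def ordered_samples(qpath, qlen):
    """Return [(index, path, mtime), ...] oldest first.

    The ring buffer wraps at qlen, so the oldest slot is the one right after
    the last written one. Slots that do not exist yet (buffer not full) are
    skipped, which also handles the non-wrapped case correctly."""
    last = read_last_index(qpath)
    out = []
    for step in range(qlen):
        idx = (last + 1 + step) % qlen
        p = sample_path(qpath, idx)
        if p.exists():
            out.append((idx, p, p.stat().st_mtime))
    return out

def sample_at(qpath, qlen, seconds_ago, now):
    """Pick the sample whose mtime is closest to (now - seconds_ago).

    mtime is used instead of multiplying dump-interval by a slot offset,
    because files are only written when new RTP packets arrive."""
    target = now - seconds_ago
    samples = ordered_samples(qpath, qlen)
    if not samples:
        return None
    return min(samples, key=lambda s: abs(s[2] - target))

def build_demo_dir(qlen=8, written=5, last=2, base=1_700_000_000.0):
    """Constructed fixture: a wrapped ring buffer holding `written` samples,
    the newest in slot `last`, with deliberately irregular mtimes."""
    d = Path(tempfile.mkdtemp(prefix="rtpmon-demo-"))
    # Irregular spacing (seconds since `base`) to mimic uneven dump timing.
    offsets = [0.0, 1.3, 2.1, 3.4, 4.2][:written]
    first = (last + 1 - written) % qlen
    for step, off in enumerate(offsets):
        idx = (first + step) % qlen
        p = sample_path(d, idx)
        p.write_bytes(b"")            # real files hold rtpstream_tapinfo_t dumps
        os.utime(p, (base + off, base + off))
    (d / "rtpmonlast.txt").write_text(f"{last}\n")
    return d, qlen

if __name__ == "__main__":
    d, qlen = build_demo_dir()
    for idx, p, mtime in ordered_samples(d, qlen):
        print(f"slot {idx:05d}  {p.name}  mtime={mtime:.1f}")
    chosen = sample_at(d, qlen, seconds_ago=3, now=1_700_000_005.0)
    print("closest to 3 s ago:", chosen[1].name)
```

With the fixture above the chronological order is slots 6, 7, 0, 1, 2, and the sample nearest to "3 seconds ago" is slot 0. Against a live qpath you would pass the real directory and the qlen you started tshark with, then hand the chosen file to whatever decoder you wrote for the rtpstream_tapinfo_t layout of your Wireshark version.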
