SIP calls to separate pcaps,payloads,wavs. There is a possibility to mark a SIP number as "live" for piping it's VOIP calls to an external program (like sox or ffmpeg).
Usage variants:
tshark -n -q -i eth0 -z rtp,save
tshark -n -q -r /PCAPs/SIP_CALLS_RTP_G711 -z rtp,save
tshark -n -q -ieth0 -Xlua_script:write-splitted-voip-with-db.lua
tshark -n -q -r /PCAPs/SIP_CALLS_RTP_G729 -Xlua_script:write-splitted-voip-with-db.lua
write-splitted-voip-with-db.lua refers to ./payload2wav . ./payload2wav converts rtp payload to a wav file. use
make
to build ./payload2wav. payload2wav depends on bcg729 lib.
write-splitted-voip-with-db.lua depends on luasql and postgres table cdr . You may just comment driver.postgres, env:connect, con:execute and to function without Postgres. payload2wav depends on bcg729 lib.
You can use payload2wav on a payload file (e.g. G711mu data):
payload2wav /data/pcaps/12013223\@200.57.7.195_1492336106.8
payload2wav /data/pcaps/12013223\@200.57.7.195_1492336106.8 /data/wavfiles/
There is also the INOTIFY variant of the payload2wav here. It converts payload files to WAV in a specified directory on an event IN_CLOSE_WRITE. It's just run independently from a payload generator:
inotify-payload2wav /data/pcaps1/payload /data/pcaps1/wav
tap-rtpsave.c is a tap extension for tshark which working like write-splitted-voip-with-db.lua but is more elaborated and faster.
To build tshark with it, you need to put tap-rtpsave.c in the ui/cli subdirectory of wireshark sources, add it to CMakeLists.txt,ui/cli/Makefile and to ui/cli/tshark-tap-register.c
(or, if you want to do patching before ./configure , to CMakeLists.txt,ui/cli/Makefile.am,ui/cli/Makefile.in and to ui/cli/tshark-tap-register.c). You need also add libpq to tshark
building (e.g add -lpq to LIBS = -lz -lm in wireshark-2.4.1/Makefile ).
Enjoy!