
Text2pcap RTP and RTCP capturing

Sebastian Reimers edited this page May 14, 2024 · 6 revisions

text2pcap is useful for debugging encrypted connections such as DTLS-SRTP from within the application context.

See: https://blog.mozilla.org/webrtc/debugging-encrypted-rtp-is-more-fun-than-it-used-to-be/

Build options (libre and baresip)

Needs at least baresip v3.10.0 (current main)

cmake -B build -DUSE_TRACE=ON -DCMAKE_C_FLAGS="-DRE_RTP_PCAP"
cmake --build build

Text2pcap dump

Start baresip and set up connections as usual. Traces are written to re_trace.json. After baresip exits, you can extract the pcap traces with jq and text2pcap:

jq -r ".traceEvents[] | select (.cat == \"pcap\") | .args.pcap" re_trace.json | text2pcap -D -n -l1 -i17 -u 1000,2000 -t '%H:%M:%S.%f' - dump.pcapng

Big re_trace.json files can be streamed like this:

jq -r --stream "select(.[0][3] == \"pcap\" and .[1] != null) | .[1]" re_trace.json | text2pcap -D -n -l1 -i17 -u 1000,2000 -t '%H:%M:%S.%f' - dump.pcapng

The dump can now be opened with Wireshark:

wireshark dump.pcapng
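
The extraction step above can also be done without jq. The following Python sketch is an added example, not code from baresip or libre: it applies the same selection as the jq filter (events with cat "pcap", field args.pcap), refuses to continue when the trace holds no pcap events, and counts lines per direction marker. The sample trace is constructed, and the layout of each pcap line (direction, timestamp, offset, hex bytes) is an assumption based on the text2pcap options used on this page.

```python
import json
from collections import Counter

# Constructed sample in the layout the jq filter implies
# (.traceEvents[].cat and .args.pcap); the payload bytes are made up.
SAMPLE_TRACE = json.dumps({
    "traceEvents": [
        {"cat": "call", "name": "start", "args": {}},
        {"cat": "pcap", "args": {"pcap": "O 12:00:00.000100 000000 80 00 00 01 00 00 00 a0 12 34 56 78"}},
        {"cat": "pcap", "args": {"pcap": "I 12:00:00.020300 000000 80 00 00 07 00 00 01 40 9a bc de f0"}},
        {"cat": "pcap", "args": {}},  # pcap event without data: skipped
    ]
})


def extract_pcap_lines(trace_text):
    """Return the args.pcap strings of all events whose cat is "pcap"."""
    events = json.loads(trace_text).get("traceEvents", [])
    lines = []
    for ev in events:
        if not isinstance(ev, dict) or ev.get("cat") != "pcap":
            continue
        line = (ev.get("args") or {}).get("pcap")
        if isinstance(line, str) and line.strip():
            lines.append(line.strip())
    return lines


def direction_counts(lines):
    """Count lines by leading direction marker (I/O, as text2pcap -D expects)."""
    return Counter(l[0] if l[:2] in ("I ", "O ") else "?" for l in lines)


def write_text2pcap_input(trace_text, out_path):
    """Write the hex-dump text for text2pcap; fail loudly on an empty result."""
    lines = extract_pcap_lines(trace_text)
    if not lines:
        raise ValueError("no pcap events: was the build configured with "
                         "-DUSE_TRACE=ON and -DRE_RTP_PCAP?")
    with open(out_path, "w") as fh:
        fh.write("\n".join(lines) + "\n")
    return direction_counts(lines)


if __name__ == "__main__":
    print(dict(write_text2pcap_input(SAMPLE_TRACE, "dump.txt")))
```

The resulting dump.txt can be passed to text2pcap with the same options as above, giving dump.txt as the input file in place of `-`.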