rtpbreak Package Description
With rtpbreak you can detect, reconstruct and analyze any RTP session. It does not require the presence of RTCP packets and works independently of the signaling protocol (SIP, H.323, SCCP, ...). The input is a sequence of packets; the output is a set of files that can be used as input for other tools (wireshark/tshark, sox, grep/awk/cut/cat/sed, ...). It also supports wireless (AP_DLT_IEEE802_11) networks.
- Reconstruct any RTP stream carried over an unknown or unsupported signaling protocol
- Reconstruct any RTP stream in wireless networks while doing channel hopping (VoIP activity detector)
- Reconstruct and decode any RTP stream in batch mode (with sox, asterisk, ...)
- Reconstruct all the RTP streams already present
- Reorder the packets of any RTP stream for later analysis (with tshark, wireshark, ...)
- Build a tiny wireless VoIP tapping system on an embedded Linux device
- Build a complete VoIP tapping system (rtpbreak would be just the RTP extraction module!)
Source: rtpbreak documentation
rtpbreak Homepage | Kali rtpbreak Repo
- Author: Dallachiesa Michele
- License: GPLv2
Tools included in the rtpbreak package
rtpbreak - Detect, reconstruct, and analyze RTP sessions
root@kali:~# rtpbreak -h
Copyright (c) 2007-2008 Dallachiesa Michele <micheleDOTdallachiesaATposteDOTit>
rtpbreak v1.3a is free software, covered by the GNU General Public License.
USAGE: rtpbreak (-r|-i) <source> [options]
INPUT
-r <str> Read packets from pcap file <str>
-i <str> Read packets from network interface <str>
-L <int> Force datalink header length == <int> bytes
OUTPUT
-d <str> Set output directory to <str> (def:.)
-w Disable RTP raw dumps
-W Disable RTP pcap dumps
-g Fill gaps in RTP raw dumps (caused by lost packets)
-n Dump noise packets
-f Disable stdout logging
-F Enable syslog logging
-v Be verbose
SELECT
-m Sniff packets in promisc mode
-p <str> Add pcap filter <str>
-e Expect even destination UDP port
-u Expect unprivileged source/destination UDP ports (>1024)
-y <int> Expect RTP payload type == <int>
-l <int> Expect RTP payload length == <int> bytes
-t <float> Set packet timeout to <float> seconds (def:10.00)
-T <float> Set pattern timeout to <float> seconds (def:0.25)
-P <int> Set pattern packets count to <int> (def:5)
EXECUTION
-Z <str> Run as user <str>
-D Run in background (option -f implicit)
MISC
-k List known RTP payload types
-h This
rtpbreak Usage Example
Analyze RTP streams on the eth0 interface (-i eth0), filling gaps in the raw dumps (-g), sniffing in promiscuous mode (-m), and saving the output to the given directory (-d rtplog):
root@kali:~# rtpbreak -i eth0 -g -m -d rtplog
+ rtpbreak v1.3a running here!
+ pid: 10951, date/time: 17/05/2014#13:40:02
+ Configuration
+ INPUT
Packet source: iface 'eth0'
Force datalink header length: disabled
+ OUTPUT
Output directory: 'rtplog'
RTP raw dumps: enabled
RTP pcap dumps: enabled
Fill gaps: enabled
Dump noise: disabled
Logfile: 'rtplog/rtp.0.txt'
Logging to stdout: enabled
Logging to syslog: disabled
Be verbose: disabled
+ SELECT
Sniff packets in promisc mode: enabled
Add pcap filter: disabled
Expecting even destination UDP port: disabled
Expecting unprivileged source/destination UDP ports: disabled
Expecting RTP payload type: any
Expecting RTP payload length: any
Packet timeout: 10.00 seconds
Pattern timeout: 0.25 seconds
Pattern packets: 5
+ EXECUTION
Running as user/group: root/root
Running daemonized: disabled
* You can dump stats sending me a SIGUSR2 signal
* Reading packets...
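The signaling-independent detection that the SELECT options above describe (a pattern of -P consecutive packets, the -e even-port and -y payload-type filters) and the -g gap filling of the raw dumps, as an added Python example that is not rtpbreak's own code. The packet tuples, the SSRC 0x1234ABCD and the 160-byte PCMU frames are constructed sample input; it assumes no 16-bit sequence wrap within the capture.

```python
"""RTP stream detection and gap filling modelled on rtpbreak's heuristics (added example)."""
import struct
from collections import defaultdict

PATTERN_PACKETS = 5  # like rtpbreak's -P default: packets needed to confirm a stream


def parse_rtp_header(payload):
    """Parse an RFC 3550 RTP header; return a dict or None if this cannot be RTP."""
    if len(payload) < 12:
        return None
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", payload[:12])
    if b0 >> 6 != 2:                      # RTP version must be 2
        return None
    hdr_len = 12 + 4 * (b0 & 0x0F)        # CSRC count extends the fixed header
    if len(payload) < hdr_len:
        return None
    return {"pt": b1 & 0x7F, "seq": seq, "ts": ts, "ssrc": ssrc, "payload": payload[hdr_len:]}


def detect_streams(packets, pattern=PATTERN_PACKETS, even_dst_port=False, payload_type=None):
    """packets: (src, sport, dst, dport, udp_payload) tuples. A flow counts as RTP only after
    `pattern` packets share one SSRC and payload type and carry consecutive sequence numbers;
    even_dst_port and payload_type mirror rtpbreak's -e and -y filters."""
    flows = defaultdict(list)
    for src, sport, dst, dport, data in packets:
        if even_dst_port and dport % 2:
            continue
        hdr = parse_rtp_header(data)
        if hdr is None or (payload_type is not None and hdr["pt"] != payload_type):
            continue
        flows[(src, sport, dst, dport, hdr["ssrc"])].append(hdr)
    streams = {}
    for key, hdrs in flows.items():
        head = hdrs[:pattern]
        if (len(head) == pattern and len({h["pt"] for h in head}) == 1
                and all((head[i + 1]["seq"] - head[i]["seq"]) % 65536 == 1
                        for i in range(pattern - 1))):
            streams[key] = hdrs
    return streams


def reassemble(hdrs, fill_gaps=True, frame_len=160):
    """Reorder by sequence number and, like rtpbreak -g, replace each lost packet with a
    silent frame so the raw dump keeps its timing (0xFF is PCMU silence). Assumes no seq wrap."""
    ordered = sorted(hdrs, key=lambda h: h["seq"])
    out, expected = bytearray(), ordered[0]["seq"]
    for h in ordered:
        while fill_gaps and expected < h["seq"]:
            out += b"\xff" * frame_len
            expected += 1
        out += h["payload"]
        expected = h["seq"] + 1
    return bytes(out)


def make_rtp(seq, ts, ssrc=0x1234ABCD, pt=0):
    """Constructed 20 ms PCMU packet: V=2, no CSRC, payload type 0, 160 payload bytes."""
    return struct.pack("!BBHII", 0x80, pt, seq, ts, ssrc) + bytes([0x55]) * 160


# Constructed capture: seq 105 lost, 107 arrives before 106, plus one non-RTP datagram.
SAMPLE = [("10.0.0.1", 5004, "10.0.0.2", 5006, make_rtp(s, s * 160))
          for s in (100, 101, 102, 103, 104, 107, 106)]
SAMPLE.append(("10.0.0.1", 5004, "10.0.0.2", 5006, b"\x00\x01not rtp"))
```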