rtpbreak Package Description

With rtpbreak you can detect, reconstruct and analyze any RTP session. It does not require the presence of RTCP packets and works independently of the signaling protocol in use (SIP, H.323, SCCP, ...). The input is a sequence of packets; the output is a set of files that can be used as input for other tools (wireshark/tshark, sox, grep/awk/cut/cat/sed, ...). It also supports wireless (AP_DLT_IEEE802_11) networks.

  • Reconstruct any RTP stream with an unknown or unsupported signaling protocol
  • Reconstruct any RTP stream in wireless networks while doing channel hopping (VoIP activity detector)
  • Reconstruct and decode any RTP stream in batch mode (with sox, asterisk, ...)
  • Reconstruct all the RTP streams that are already present
  • Reorder the packets of any RTP stream for later analysis (with tshark, wireshark, ...)
  • Build a tiny wireless VoIP tapping system on a Linux system-on-chip device
  • Build a complete VoIP tapping system (rtpbreak would be just the RTP dissector module!)

Source: rtpbreak documentation
rtpbreak Homepage | Kali rtpbreak Repo

  • Author: Dallachiesa Michele
  • License: GPLv2

Tools included in the rtpbreak package

rtpbreak - Detect, reconstruct, and analyze RTP sessions
root@kali:~# rtpbreak -h
Copyright (c) 2007-2008 Dallachiesa Michele <micheleDOTdallachiesaATposteDOTit>
rtpbreak v1.3a is free software, covered by the GNU General Public License.

USAGE: rtpbreak (-r|-i) <source> [options]

 INPUT

  -r <str>      Read packets from pcap file <str>
  -i <str>      Read packets from network interface <str>
  -L <int>      Force datalink header length == <int> bytes

 OUTPUT

  -d <str>      Set output directory to <str> (def:.)
  -w            Disable RTP raw dumps
  -W            Disable RTP pcap dumps
  -g            Fill gaps in RTP raw dumps (caused by lost packets)
  -n            Dump noise packets
  -f            Disable stdout logging
  -F            Enable syslog logging
  -v            Be verbose

 SELECT

  -m            Sniff packets in promisc mode
  -p <str>      Add pcap filter <str>
  -e            Expect even destination UDP port
  -u            Expect unprivileged source/destination UDP ports (>1024)
  -y <int>      Expect RTP payload type == <int>
  -l <int>      Expect RTP payload length == <int> bytes
  -t <float>    Set packet timeout to <float> seconds (def:10.00)
  -T <float>    Set pattern timeout to <float> seconds (def:0.25)
  -P <int>      Set pattern packets count to <int> (def:5)

 EXECUTION

  -Z <str>      Run as user <str>
  -D            Run in background (option -f implicit)

 MISC

  -k            List known RTP payload types
  -h            This

rtpbreak Usage Example

Analyze RTP streams on the eth0 interface (-i eth0), filling gaps left by lost packets (-g), sniffing in promiscuous mode (-m), and saving the output to the given directory (-d rtplog):

root@kali:~# rtpbreak -i eth0 -g -m -d rtplog
 + rtpbreak v1.3a running here!
 + pid: 10951, date/time: 17/05/2014#13:40:02
 + Configuration
   + INPUT
     Packet source: iface 'eth0'
     Force datalink header length: disabled
   + OUTPUT
     Output directory: 'rtplog'
     RTP raw dumps: enabled
     RTP pcap dumps: enabled
     Fill gaps: enabled
     Dump noise: disabled
     Logfile: 'rtplog/rtp.0.txt'
     Logging to stdout: enabled
     Logging to syslog: disabled
     Be verbose: disabled
   + SELECT
     Sniff packets in promisc mode: enabled
     Add pcap filter: disabled
     Expecting even destination UDP port: disabled
     Expecting unprivileged source/destination UDP ports: disabled
     Expecting RTP payload type: any
     Expecting RTP payload length: any
     Packet timeout: 10.00 seconds
     Pattern timeout: 0.25 seconds
     Pattern packets: 5
   + EXECUTION
     Running as user/group: root/root
     Running daemonized: disabled
 * You can dump stats sending me a SIGUSR2 signal
 * Reading packets...
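To make concrete what "detect, reconstruct and analyze" means when neither RTCP nor signaling is available, here is a small Python model of the same pipeline: parse RTP headers out of UDP payloads, apply selection heuristics of the kind rtpbreak exposes under SELECT (even destination port like -e, unprivileged ports like -u, expected payload type/length like -y and -l, and a pattern of N consecutive packets like -P), then reorder each confirmed stream by sequence number and fill the gaps left by lost packets, which is what -g does for the raw dumps. This is an added example, not rtpbreak's source code or output. Everything in it is an assumption of mine: the packets are constructed inline, the pattern test (N packets from one SSRC with consecutive sequence numbers and one payload type) is a simplification of whatever matching rtpbreak really does, and 0xFF as the filler byte is the G.711 μ-law silence value, which only makes sense for payload type 0.

```python
import struct
from collections import defaultdict

# --- Constructed sample traffic (not a real capture) -------------------------
# Each packet is (src_ip, src_port, dst_ip, dst_port, udp_payload).

def build_rtp(seq, ts, ssrc, pt=0, payload=b"\xff" * 160):
    """Build a minimal RTP packet: version 2, no padding, extension or CSRC."""
    return struct.pack("!BBHII", 0x80, pt & 0x7F, seq & 0xFFFF,
                       ts & 0xFFFFFFFF, ssrc) + payload

SAMPLE_PACKETS = []
# One G.711u (pt 0) stream: seq 105 is lost, 108 arrives before 107, 102 is duplicated.
for seq in (100, 101, 102, 103, 104, 102, 106, 108, 107):
    SAMPLE_PACKETS.append(("10.0.0.5", 5004, "10.0.0.9", 20000,
                           build_rtp(seq, seq * 160, 0x11223344)))
# Noise: a UDP datagram whose first byte does not carry RTP version 2.
SAMPLE_PACKETS.append(("10.0.0.5", 41000, "10.0.0.1", 53,
                       b"\x12\x34\x01\x00\x00\x01" + b"\x00" * 10))
# Too few packets to satisfy the pattern count (the -P option, default 5).
for seq in (1, 2):
    SAMPLE_PACKETS.append(("10.0.0.7", 6000, "10.0.0.9", 20002,
                           build_rtp(seq, seq * 160, 0x55)))


def parse_rtp(data):
    """Parse an RFC 3550 header (fixed part, CSRC list, extension, padding).
    Returns a dict of fields, or None when the bytes are not plausible RTP."""
    if len(data) < 12:
        return None
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", data[:12])
    if b0 >> 6 != 2:                        # RTP version must be 2
        return None
    hdr_len = 12 + 4 * (b0 & 0x0F)          # 4 bytes per CSRC identifier
    if b0 & 0x10:                           # header extension present
        if len(data) < hdr_len + 4:
            return None
        ext_words = struct.unpack("!H", data[hdr_len + 2:hdr_len + 4])[0]
        hdr_len += 4 + 4 * ext_words
    if len(data) < hdr_len:
        return None
    payload = data[hdr_len:]
    if b0 & 0x20:                           # padding: last byte is the pad length
        if not payload or payload[-1] == 0 or payload[-1] > len(payload):
            return None
        payload = payload[:-payload[-1]]
    return {"seq": seq, "ts": ts, "ssrc": ssrc, "pt": b1 & 0x7F,
            "marker": bool(b1 & 0x80), "payload": payload}


def detect_streams(packets, pattern_packets=5, even_dst_port=False,
                   unprivileged=False, expect_pt=None, expect_len=None):
    """Group plausible RTP packets by flow + SSRC and confirm a stream once the
    first `pattern_packets` share a payload type and have consecutive seq numbers."""
    candidates = defaultdict(list)
    for sip, sport, dip, dport, data in packets:
        if even_dst_port and dport % 2:                     # like -e
            continue
        if unprivileged and (sport <= 1024 or dport <= 1024):  # like -u
            continue
        hdr = parse_rtp(data)
        if hdr is None:
            continue
        if expect_pt is not None and hdr["pt"] != expect_pt:            # like -y
            continue
        if expect_len is not None and len(hdr["payload"]) != expect_len:  # like -l
            continue
        candidates[(sip, sport, dip, dport, hdr["ssrc"])].append(hdr)
    streams = {}
    for key, hdrs in candidates.items():
        first = hdrs[:pattern_packets]
        if len(first) < pattern_packets:
            continue
        seqs = [h["seq"] for h in first]
        consecutive = all(((seqs[i + 1] - seqs[i]) & 0xFFFF) == 1
                          for i in range(len(seqs) - 1))
        if consecutive and len({h["pt"] for h in first}) == 1:
            streams[key] = hdrs
    return streams


def reassemble(hdrs, fill_gaps=True, filler=b"\xff"):
    """Reorder by sequence number (16-bit wrap handled relative to the first packet),
    drop duplicates, and optionally fill lost packets with silence.
    Returns (payload_bytes, lost_count, duplicate_count)."""
    base = hdrs[0]["seq"]
    ordered = sorted(hdrs, key=lambda h: (h["seq"] - base) & 0xFFFF)
    out, lost, dups = bytearray(), 0, 0
    expected, last_len = ordered[0]["seq"], len(ordered[0]["payload"])
    for h in ordered:
        gap = (h["seq"] - expected) & 0xFFFF
        if gap >= 0x8000:            # sequence number already consumed: duplicate
            dups += 1
            continue
        if gap and fill_gaps:        # one silence frame per missing packet
            out += filler * (last_len * gap)
        lost += gap
        out += h["payload"]
        last_len = len(h["payload"])
        expected = (h["seq"] + 1) & 0xFFFF
    return bytes(out), lost, dups


if __name__ == "__main__":
    for key, hdrs in detect_streams(SAMPLE_PACKETS).items():
        audio, lost, dups = reassemble(hdrs)
        print(f"stream {key[0]}:{key[1]} -> {key[2]}:{key[3]} ssrc=0x{key[4]:08x} "
              f"pt={hdrs[0]['pt']} packets={len(hdrs)} lost={lost} dup={dups} bytes={len(audio)}")
```

On a real capture you would feed the UDP payloads from a pcap reader into `detect_streams`; the dictionary it returns corresponds to rtpbreak's per-stream raw dumps. From a monitoring point of view the interesting result is not the audio but the flow keys: a confirmed RTP stream between hosts that are not phones, or one that never had matching signaling, is exactly the kind of unexpected VoIP activity the "VoIP activity detector" use case above is about.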