RTP H.263 Dump Script

Contributor: Mike Brown

There is a Perl module (Net::Pcap) that can decode pcap files; it makes it easy to grab the payload of RTP packets.

This script uses Net::Pcap to do the heavy lifting. The IETF RFCs specify three modes for H.263 [A,B,C] encapsulation in RTP. There is a different size media header for each of these modes. This perl script drops a variable number of octets [58,62,68] of each packet (Ethernet frame headers, IPv4 headers, UDP headers and RTP headers) and writes the rest to a target file.

This script is a modification of the RtpDump script on this site. The modification makes this script specific to H.263 data extraction.

Get Net::Pcap from cpan.org if it is not included in your distribution. (It is in FreeBSD's ports, gentoo's portage, probably others.)

If you are using Windows, the following link might help you installing Net::Pcap into your Perl.


To use this script:

  1. Use TShark first to isolate just the (unidirectional) RTP H.263 packets
  2. Save the data into a pcap file
  3. Run this script on the dump file

The resulting file is a raw dump of the H.263 data.

Back to Tools

Imported from https://wiki.wireshark.org/RtpH263DumpScript on 2020-08-11 23:24:13 UTC