Good morning!
I have checked your trace quickly. I do a lot of SIP here too (analyzing 3GB+ traces often.. have to splice them using "editcap" most of the time..)
Here are my general comments:
In the beginning of the trace, we see a lot of "icmp port unreachable" when
62.48.163.65 is trying to send RTP traffic to port
192.168.20.36, port 5004. Later in the flow, it appears that it starts working eventually.
try the following filters:
udp.srcport==5004
and
udp.dstport==5004
and you will see what I mean.
Next, if you use the Statistics/VoIP calls feature, you will see the SIP graph flow. Checking the SDP coming from your terminating endpoint, in the 183, it seems to me that the codec selected is G729.
Next, if you try to perform the Statistics/RTP/Stream Analysis (after selecting one of the RTP packets), you should have a window that pops up that shows you the jitter/bandwidth, etc statistics. That screen has a "Save Payload..." button. I tried saving the stream in an ".au" format but I get told that converting to AU is only support for alaw and ulaw (also known as "g711a" and "g711u").
I didn't try saving in "raw" as I don't know what application would be able to play it.
If you try the Statistics/RTP/Show all streams, you have a Save... button there, but it appears it would save in some sort of "rtpdump" format, which I know nothing about. That may give you what you want, I'm not sure.
Here I only use g711u and the few times I have needed to save the stream, I had it saved in the AU format as explained above. I normally deal with SIP more than RTP, sorry I can't give you more help.
Maybe one thing you could try is to disable g729 on your endpoints and attempt to get the call done (forced) with g711 and see if you have better luck? Maybe your environment mandates g729. If so, the raw file format (and/or rtpdump format) may be better for you, but you'll have to find an application that can play those.
Hope that helps
Antoine
--
Antoine Reid
