Wireshark-users: [Wireshark-users] Passively record H.323 video conferences

From: "Brandon Kahler" <bkahler@xxxxxxxxxxxxxxxx>
Date: Thu, 28 Sep 2006 11:27:51 -0700

I’ve been working on a project here at work to set up a system to passively record all H.323 video conferences that take place.  Our office has nine VC units in conference rooms that are in use on a regular basis.  We get requests to record certain training events but right now we are limited to using a VCR attached to the VC unit.  Tapes are a pain, the quality is awful, and there just has to be a better way.  I really don’t want to simply change the VCRs out with DVR/PVR units as that still introduces conversion of the video.

What I want to do:

Have a machine (or multiple) set up near the border on a mirror port.

Tell Wireshark (or multiple instances):

            Listen for call setup
            Write the call to a capture file
            Listen for call teardown
            Stop capturing
            Reset and continue listening

After the file is captured, filter out just the video stream and write it to a video file (AVI container) that any media player can view.  This will probably require a separate application to transcode the raw H.264 video to something like MPEG, WMV, QT, etc.

Ultimately I want the entire process to be completely hands off.  All calls, regardless of content, will be recorded.  Those files will reside in a folder for a set number of days before being purged.  After an event the presenter has the option of retrieving the video file from the shared folder.

I’ve done some digging and found the script RTSP263DumpPayload.pl (http://wiki.wireshark.org/RtpH263DumpScript) but I’m not having much luck moving past this point.  Automation is the key here.  Having a system that will automatically dump both forward and reverse streams to files, strip out the headers, and encode to a specific format would be ideal.

All nine VC units have static IP addresses, so running nine instances of Wireshark each with a specific capture filter is a possibility.

I also started a thread about this at ArsTechnica but we’ve not come up with much.  http://episteme.arstechnica.com/eve/forums/a/tpc/f/469092836/m/518001111831

Thank you,

Brandon Kahler
Senior Network Analyst
bkahler@xxxxxxxxxxxxxxxx
601 McPhee Rd SW * Olympia, WA 98520
Desk 360-464-6791 * Fax 360-464-6900
http://www.esd113.k12.wa.us