I'm using tcpdump in the manner described here http://www.erg.abdn.ac.uk/multicast/tools_notes/tcpdump.html#rtp to extract RTCP packets between my browser and a media server I have running.
Some example data:
192.168.56.1.55281 > 192.168.56.103.56858: sr 2060503618 @4039366103.08 2985649056 3759504059p 947804803b type-0xfa 160544
192.168.56.1.55281 > 192.168.56.103.56858: sr 2060503618 @4086113093.65 724273245 4090890645p 3217937232b type-0x6e 28300
192.168.56.1.55281 > 192.168.56.103.56858: sr 2060503618 @2251420711.18 185215175 650796127p 3621147513b type-0x66 120348
From what I understand the number after the @ symbol is a NTP Reference timestamp, and the number following that is the media timestamp reference, however when I convert these to dates they seem random, and neither timestamp is ever close to the actual time.
From looking around it seems like the following are equally possible:
a) I'm completely missing something.
b) I'm seeing encrypted data.
c) I'm seeing the result of buggy code.
This question: Reading RTCP packets from an IP camera using FFMPEG looks very much related, except it dealt with RTSP, not RTP.
