I'm working with Python Scapy and I had to extract voice data from a file with a U-LIC header. It went fine. I took the payload in which there is IP, TCP and RTP.

I've extracted the TCP packets successfully and I've ordered them by TCP.sequence, which makes sense between 2 SYN-packages (FLAGS = SYN), because a SYN-Package creates a new sequence number by chance (please correct me if I'm wrong).

So at the end of a data group (flags = PA, A...), how can I know which SYN-PACKAGE is the next one? I'm asking because all sequence numbers of synchronisation packages are built by chance, or is there a system (next synchronisation sequence number must always be higher than last one…)?

Thanks and regards

Uwe_98
  • You want to know which TCP SYN packet was generated first, i.e. sort SYNs by emission time? What is the purpose of trying to understand it? There is only one SYN-only packet in one TCP session, so you're trying to determine which session started earlier? – red0ct May 18 '20 at 12:14
  • Also it's very strange that your RTP works over TCP. It's of course possible, but definitely unnatural. – red0ct May 18 '20 at 12:15
  • @red0ct: Yes exactly, I want that. Is this possible (to determine which session was earlier)? – Uwe_98 May 18 '20 at 13:51
  • @red0ct I've still got a little question for VoIP. Extracting the voice data of one direction of a phone call, one TCP session, how is it defined? Is the whole phone call one TCP session, or does a new one start every time one user in this direction speaks? – Uwe_98 May 18 '20 at 13:56
  • @red0ct: Thank you. This advice resolved my problem. There were 2 files with TCP and 2 with UDP-packages. Every UDP-Package contained one RTP. The TCP payload contained data that makes no sense. Now I don't know if with RTP over TCP every TCP package contains one RTP. But I assume it, because with UDP it's the same. – Uwe_98 May 23 '20 at 20:12

0 Answers