
Extracting RTP payload from packet


I am trying to write a utility to extract the payload from an RTP packet. From my understanding of network packets and protocols, RTP is wrapped in UDP. How can we decide whether a UDP packet that we have captured has an RTP packet wrapped in it? I mean, it can also be NBNS or MDNS, right? I am using the WinPcap library and am new to it. I have been given the task of extracting the RTP packets from any given pcap dump file.


Solution

  • Have a look at the RTP packet format on Wikipedia. By studying it you will find a few magic bytes which help you detect potential RTP packets. Also, RTP packets don't travel alone, and you can find related packets by source/dst IP+port and by sequence numbers:

    • First, find UDP streams, that is, packets with the same source/destination IP+port.
    • Then check if these streams look like RTP, that is, the packets have the magic bytes and the sequence numbers suggest that these packets are a single RTP stream (there might be some duplicates or missing packets, but not too many).
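
The two checks from the answer, written out in C as an added example (not code from the original answer). It assumes the caller has already stripped the Ethernet/IP/UDP headers and grouped payloads by flow; the function names, the 1..3 step window, the 90% threshold and both sample flows are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Offset of the media payload in one UDP payload, or -1 if the bytes cannot be an
   RTP version 2 header (RFC 3550). Trailing padding (P bit) is not stripped. */
int rtp_payload_offset(const uint8_t *p, size_t len) {
    if (len < 12 || (p[0] >> 6) != 2) return -1;        /* version must be 2 */
    size_t off = 12 + 4u * (p[0] & 0x0F);               /* skip the CSRC list */
    if (p[0] & 0x10) {                                  /* X bit: header extension */
        if (len < off + 4) return -1;
        off += 4 + 4u * (size_t)((p[off + 2] << 8) | p[off + 3]);
    }
    return off <= len ? (int)off : -1;
}

/* Per-flow state (one per source/destination IP+port pair), zero-initialised. */
struct rtp_flow { uint32_t ssrc; uint16_t last_seq; unsigned seen, ok; };

/* Feed the flow's next UDP payload. The first valid packet sets the baseline; later
   ones must keep the SSRC and advance the sequence number by 1..3 (mod 2^16). */
void rtp_flow_feed(struct rtp_flow *f, const uint8_t *p, size_t len) {
    f->seen++;
    if (rtp_payload_offset(p, len) < 0) return;         /* counts as a miss */
    uint16_t seq = (uint16_t)((p[2] << 8) | p[3]);
    uint32_t ssrc = (uint32_t)p[8] << 24 | (uint32_t)p[9] << 16 | (uint32_t)p[10] << 8 | p[11];
    uint16_t step = (uint16_t)(seq - f->last_seq);      /* survives 65535 -> 0 wrap */
    if (f->ok == 0 || (ssrc == f->ssrc && step >= 1 && step <= 3)) f->ok++;
    f->ssrc = ssrc; f->last_seq = seq;
}

/* Verdict with assumed thresholds: at least 4 packets, 90% of them consistent. */
int rtp_flow_is_rtp(const struct rtp_flow *f) {
    return f->seen >= 4 && f->ok * 10 >= f->seen * 9;
}

/* Constructed samples (four 16-byte UDP payloads per flow) and a helper to run them. */
const uint8_t SAMPLE_RTP[4][16] = {    /* seq 65534, 65535, 0, 1 with one SSRC */
    {0x80,0x00,0xFF,0xFE, 0,0,0x00,0x00, 0x11,0x22,0x33,0x44, 1,2,3,4},
    {0x80,0x00,0xFF,0xFF, 0,0,0x00,0xA0, 0x11,0x22,0x33,0x44, 5,6,7,8},
    {0x80,0x00,0x00,0x00, 0,0,0x01,0x40, 0x11,0x22,0x33,0x44, 9,8,7,6},
    {0x80,0x00,0x00,0x01, 0,0,0x01,0xE0, 0x11,0x22,0x33,0x44, 5,4,3,2}};
const uint8_t SAMPLE_NBNS[4][16] = {   /* NBNS-like queries whose ID starts with 0x80 */
    {0x80,0x1A,0x01,0x10, 0,1,0,0, 0,0,0,0, 0x20,0x45,0x4E,0x45},
    {0x80,0x1B,0x01,0x10, 0,1,0,0, 0,0,0,0, 0x20,0x45,0x4E,0x45},
    {0x80,0x1C,0x01,0x10, 0,1,0,0, 0,0,0,0, 0x20,0x45,0x4E,0x45},
    {0x80,0x1D,0x01,0x10, 0,1,0,0, 0,0,0,0, 0x20,0x45,0x4E,0x45}};
int classify(const uint8_t pk[][16], size_t n) {
    struct rtp_flow f = {0};
    for (size_t i = 0; i < n; i++) rtp_flow_feed(&f, pk[i], 16);
    return rtp_flow_is_rtp(&f);
}
```

The NBNS-like flow passes the version-bit check on every packet and is rejected only because its "sequence number" never advances, which is why the per-stream check matters more than the header bytes alone.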