Fast RTP Detection and Codecs Classification in Internet Traffic

Fast RTP Detection and Codecs Classification in Internet Traffic

Peer-reviewed article not indexed in WoS or Scopus

This paper presents a fast multi-stage method for on-line detection of RTP streams and codec identification of transmitted voice or video traffic. The method includes an RTP detector that filters packets based on specific values from UDP and RTP headers. When an RTP stream is successfully detected, codec identification is applied using codec feature sets. The paper shows advantages and limitations of the method and its comparison with other approaches. The method was implemented as a part of network forensics framework NetFox developed in project SEC6NET. Results show that the method can  be  successfully used for Lawful Interception as well as for network monitoring. 

This paper presents a fast multi-stage method for on-line detection of RTP streams and codec identification of transmitted voice or video traffic. The method includes an RTP detector that filters packets based on specific values from UDP and RTP headers. When an RTP stream is successfully detected, codec identification is applied using codec feature sets. The paper shows advantages and limitations of the method and its comparison with other approaches. The method was implemented as a part of network forensics framework NetFox developed in project SEC6NET. Results show that the method can  be  successfully used for Lawful Interception as well as for network monitoring. 

network forensics, RTP detection, codec identification, VoIP

network forensics, RTP detection, codec identification, VoIP

MATOUŠEK, P.; RYŠAVÝ, O.; KMEŤ, M.

2015

18.09.2014

1558-7215

Journal of Digital Forensics Security and Law

2014

2

United States of America

99

110

11

https://commons.erau.edu/jdfsl/vol9/iss2/9/

Fast RTP Detection and Codecs Classification in Internet Traffic
Fast RTP Detection and Codecs Classification in Internet Traffic