videosnarf - Output detected media sessions

Distribution: Fedora 25
Repository: CERT Forensics Tools i386
Package name: videosnarf
Package version: 0.63
Package release: 1.fc25
Package architecture: i686
Package type: rpm
Installed size: 377.84 KB
Download size: 151.33 KB
VideoSnarf is a new security assessment tool that takes an offline pcap as input and outputs any detected media streams (RTP sessions), supporting common audio codecs as well as H.264 video.

Why did we write VideoSnarf? To give security assessment professionals options to decode media traffic other than forcing them to use UCSniff. We know that some people, for whatever reason, might not be using UCSniff to capture and decode VoIP/video traffic. For example, some people might want to use Ettercap and their favorite sniffer (tshark/Wireshark) to capture the traffic, or they might have a monitor SPAN session with a dedicated sniffer running and want to reconstruct the traffic using only a pcap trace file.

VideoSnarf was inspired by the rtpbreak tool. To our knowledge, it is the first tool to detect RTP sessions that are encoded with the H.264 video codec and output raw H.264 files. VideoSnarf also supports the following common audio codecs: G711ulaw, G711alaw, G722, G729, G723, and G726. These are the most common audio codecs found in enterprise networks where you are going to be doing security assessments.



  • videosnarf = 0.63-1.fc25
  • videosnarf(x86-32) = 0.63-1.fc25


    Install Howto

    1. Download cert-forensics-tools-release-25 rpm:
    2. Install cert-forensics-tools-release-25 rpm:
      # rpm -Uvh cert-forensics-tools-release*rpm
    3. Install videosnarf rpm package:
      # dnf --enablerepo=forensics install videosnarf


    • /usr/bin/videosnarf
    • /usr/share/doc/videosnarf/AUTHORS
    • /usr/share/doc/videosnarf/COPYING
    • /usr/share/doc/videosnarf/ChangeLog
    • /usr/share/doc/videosnarf/INSTALL
    • /usr/share/doc/videosnarf/NEWS
    • /usr/share/doc/videosnarf/README