Add instructions for converting SCTP verbose log to pcap file.

This is pretty useful if you need to debug an SCTP issue. SCTP goes
over DTLS, which is encrypted, which means you need a private key
in order to decrypt a normal packet capture. We don't log this key,
for understandable reasons. So the alternative is to turn on SCTP
verbose logging, then turn the text log into a pcap file.


Bug: None
Change-Id: If3380d7953ea829b3ae9945326d3c820ce7cc6a3
Reviewed-by: Taylor Brandstetter <>
Commit-Queue: Taylor Brandstetter <>
Cr-Commit-Position: refs/heads/master@{#20380}
diff --git a/media/sctp/ b/media/sctp/
index 41d4b7a..112aac6 100644
--- a/media/sctp/
+++ b/media/sctp/
@@ -186,6 +186,23 @@
 // Log the packet in text2pcap format, if log level is at LS_VERBOSE.
+// In order to turn these logs into a pcap file you can use, first filter the
+// "SCTP_PACKET" log lines:
+//   cat chrome_debug.log | grep SCTP_PACKET > filtered.log
+// Then run through text2pcap:
+//   text2pcap -t "%H:%M:%S." -D -u 1024,1024 filtered.log filtered.pcap
+// The value "1024" isn't important, we just need a port for the dummy UDP
+// headers generated. Lastly, you should be able to open filtered.pcap in
+// Wireshark, then right click a packet and "Decode As..." SCTP.
+// Why do all this? Because SCTP goes over DTLS, which is encrypted. So just
+// getting a normal packet capture won't help you, unless you have the DTLS
+// keying material.
 void VerboseLogPacket(const void* data, size_t length, int direction) {
   if (LOG_CHECK_LEVEL(LS_VERBOSE) && length > 0) {
     char* dump_buf;