Ask Your Question

rtp.timestamp-offset field [closed]

asked 2018-03-05 12:31:04 +0000

this post is marked as community wiki

This post is a wiki. Anyone with karma >750 is welcome to improve it.


My purpose is finding a RTP problem because of wrong "RTP packet timing" (not frame time). Probematic device should sending all its RTP with correct RTP sequence number ,this part is correct. however packet timing should follow the same intervals such as increasing each RTP timing 160,320,480,640 etc based on codec and settings. Sending some RTPs with timing difference 160 and then sending rest of it 640 for same conversation violating RFCs and causing distortions. I want to find these kind of packeges quickly with a filter. The "info" section at wireshark is showing "MARK" I tried to filter based on "info" section without success. I want to learn usage of "rtp.timestamp-offset" filter option.I couldn't find any details information for rtp.timestamp-offset

Your help will be appreciated. Regards,

edit retag flag offensive reopen merge delete

Closed for the following reason duplicate question by Fethi
close date 2018-03-07 12:47:54.807229

1 Answer

Sort by ยป oldest newest most voted

answered 2018-03-05 17:17:20 +0000

Jaap gravatar image

There is no field called rtp.timestamp-offset you can filter on. Or are you looking at some math with something called offset?

There is however a field called rtp.marker which you can use in the display filter rtp.marker == 1 to find the packets with the RTP marker it set, if that helps.

Also the RTP graph (menu Telephony|RTP|Stream Analysis) might be helpful to get an overview of what is happening in the RTP stream.

edit flag offensive delete link more


"rtp.timestamp-offset" is display filter command actually like ip.addr == However I couldn't use it successfully , I don't know exact usage of it.

RTP graph is not what I looking for.

However rtp.marker == 1 is exactly displaying what I looking for. Wireshark display is showing MARKs at info section. There should be some algorithms to detect RTP abnormal situations , It is not telling what is the problem however MARKS these packages. I was looking for different timestamps occurance and wireshark was putting some MARKS,I was trying to filter these ones and your command works very well.

Thank you very much. Regards,

Fethi gravatar imageFethi ( 2018-03-06 07:04:38 +0000 )edit

It was not Wireshark that put in those MARKS, it was the RTP endpoint sending the RTP packets that set the mark bit in the RTP header. That is what this display filter matches. Setting the marker bit is recommended if there is a resumption of speech, for instance in voice streams with Voice Activity Detection. The precise meaning of the marker bit in the RTP header depends on the RTP profile applicable for that specific stream.

Jaap gravatar imageJaap ( 2018-03-06 12:42:33 +0000 )edit

Question Tools

1 follower


Asked: 2018-03-05 12:31:04 +0000

Seen: 32 times

Last updated: Mar 05