Ask Your Question
0

How wireshark decodes RTP packets from UDP

asked 2020-11-23 10:49:28 +0000

geek_wannabe gravatar image

Hello,

I'm interested how Wireshark decodes RTP packets (which criteria is used to separate them from UDP). I'm trying to create a RTP packet flow using scapy, I' entering all the information needed in RTP hrader:

while seq < 10:
  ip_layer = IP(src = "10.0.1.21", dst = "10.0.1.40")
  udp_layer = UDP(sport = 16998, dport = 17000)
  rtp_layer = RTP(version=2, padding=0, extension=0, marker=1, payload_type=8, sequence=seq, timestamp=10, sourcesync=0)
  packet = ip_layer/udp_layer/rtp_layer
  send(packet)
  seq = seq + 1
  time_s = time_s + 160

and still packets in wireshark are shown as UDP. I found an option in Preferences -> Protocols -> RTP "Payload Type for RFC2198" = 99 and wondered what 99 means (as didn't find any information on RFC document), maybe I need to add some kind of a special payload next to RTP header?.. Any help would be appreciated. Thanks in advance

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-11-23 12:06:58 +0000

Anders gravatar image

TCP and UDP protocols are dissected based on port or heuristics. In your case you can do "Decode as" and select RTP to dissect the packet as RTP. You can also activate the heuristic for RTP. Heuristic = guessing the protocol by looking at packet data. The RTP heuristic is weak meaning it often makes mistakes and labels packt as RTP even if they are not. In case of RTP Wireshark also looks at control signaling if present (like SIP and SDP) if present and dissects the traffic on the port and IP combination as RTP.

edit flag offensive delete link more

Comments

Here is what I do: Analyze -> Enabled Protocols Search for 'rtp' Enable rtp_udp

Network Direction gravatar imageNetwork Direction ( 2020-11-23 20:22:50 +0000 )edit

Thanks, this worked perfectly!

geek_wannabe gravatar imagegeek_wannabe ( 2020-11-23 21:01:08 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2020-11-23 10:49:28 +0000

Seen: 12,056 times

Last updated: Nov 23 '20

Related questions

How to connect rtp streams with corresponding voip calls?

Now that the g.729 codec patent has expired, will Wireshark include a decoder for it?

Having issues with RTP not showing up in Voip Calls flow sequence in version 2.4.2.

RTP player playback issue

Registering RTP dissector for PCMU Payload Type 0

convert RTP to TS

player button

Decode TURN Traffic as RTP

Decoding RTP packet - Unknown RTP version 0

Why does RTP Streams have 0 streams under the Telephony main menu. I started a capture, made an actual call, ended the call, ended the capture.