RTP - Display Lost Packets IO Graph + Sort question

asked 2021-01-26 11:12:26 +0000

wshark_de gravatar image

updated 2021-01-26 11:16:50 +0000

Hello Wireshark-Community, I am currently analyzing packet loss in some huge PCAP files with thousands of RTP streams.

Question 1) Is there a bug inside "RTP Streams" as it cannot sort the "Lost" column correctly (Both Screenshots from same file)?

Question 2) Is is possible to only display missing (Lost) packets inside IO Graph, because it is close to impossible to detect missing packets with "rtp.seq"? If not, do you know (commerical) alternatives/workarounds?

Question 3) Inside the IO Graph above you see that the RTP Seq field only has 16 Bit and restarts from 0 after 65535 packets. Is this the reason why multiple streams from same SSRC# show up inside "RTP Streams" Analysis in Wireshark? I think for every Seq-Number restart from 0 an individual stream is shown there. Can you confirm?

Thank you very much for helping!

edit retag flag offensive close merge delete

Comments

If you are trying to look a packet loss on a hevy loaded interface handling media traffic chanses are that it's the capture process not beeing able to keep up that is dropping packets.

Anders gravatar imageAnders ( 2021-01-26 12:33:31 +0000 )edit

Thats true, but we captured with TAP devices and 20K $ Riverbed capture hardware. But your reply is mostly unrelated to questions?

https://support.riverbed.com/bin/supp...

wshark_de gravatar imagewshark_de ( 2021-01-26 12:41:43 +0000 )edit
add a comment