Ask Your Question
0

RTP Not Capturing in v4.2.6

asked 2024-08-13 18:46:56 +0000

amoore12 gravatar image

We are capturing RTP on a Jabber client on a laptop for an audio issue and Wireshark is not decoding the RTP packets. I have performed extensive research and have tried rdp_UDP but that simply identifes all UDP packets as RTP and the audio playback is all static. I have verified settings based on a working version of v4.2.5 on my corporate device and everything matches. I am fully capturing the entire call before the call starts and after it ends so I know SDP etc is being captured. If I take the capture file and move it to a working version the file cannot be decoded so it is an issue with the capture itself.

edit retag flag offensive close merge delete

Comments

If I take the capture file and move it to a working version the file cannot be decoded so it is an issue with the capture itself.

This puzzles me, 'move it to a working version the file cannot be decoded'. How does that make a working version?

Jaap gravatar imageJaap ( 2024-08-13 19:26:24 +0000 )edit

If I take the capture file and move it to a working version the file cannot be decoded so it is an issue with the capture itself.

Did you mean "if I take the capture file and move it to a working version the file can be decoded..."?

Guy Harris gravatar imageGuy Harris ( 2024-08-13 21:08:47 +0000 )edit

When I perform a capture on PC A the RTP packets are not identified as RTP. They are identified as UDP. If I take the capture from PC A and open it on PC B, the packets are still not identified as RTP and instead are UDP. On PC B when I perform a capture the packets are identified as RTP. If I take the capture from PC B and open in on PC A the packets are identified as RTP. So there is something with Wireshark on PC A that is not marking packets correctly on capture. That's the best way I can explain it.

amoore12 gravatar imageamoore12 ( 2024-08-15 17:33:15 +0000 )edit
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2024-08-18 06:45:43 +0000

Jaap gravatar image

Fun fact: RTP packets are UDP packets.

With that out of the way, there are three ways in which Wireshark can dissect the UDP payloads as RTP :

  1. Based on signalling
  2. Though the use of Decode As...
  3. Through heuristics

With the first one, there's another protocol, e.g. SDP, that sets up a media session where RTP packets are exchanged. Wireshark can use this to figure out that certain UDP packets contain RTP. With the second one, you point out to Wireshark to treat the UDP packets as containing RTP, whether or not that is true. With the third, Wireshark tries to make an educated guess if UDP packets contain RTP. That guessing is very limited though.

So either of these options have to apply to get the result you seek.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

subscribe to rss feed

Stats

Asked: 2024-08-13 18:46:56 +0000

Seen: 86 times

Last updated: Aug 18

Related questions

Now that the g.729 codec patent has expired, will Wireshark include a decoder for it?

Having issues with RTP not showing up in Voip Calls flow sequence in version 2.4.2.

cannot find "Compare two capture files"

Is it possible to test a capture filter with already captured traffic?

aix iptrace capture filters

How would I map this display filter to a capture filter?

RTP player playback issue

Can't capture TLS certificate

Can I create a capture filter on a pcap file

Wireshark capture with ET2000