Why is Wireshark interpreting RTP and RTCP as Skype traffic?

asked 2018-09-13 14:52:22 +0000

VoIP_Mortal

updated 2018-09-13 15:20:06 +0000

We have a customer that is experiencing jitter on their call center agents’ softphone clients’ PCs to a cloud-based VoIP solution provider. I am getting RTP packets and Skype packets in both a good call and a bad call. However, in the bad call, we noticed many of the Skype packets are going to the cloud VoIP provider’s IP address. Also, in the RTP stream statistics it shows the jitter plus a large percentage of dropped packets. I did a “decode as” on the Skype packets destined to that IP as RTP and now the dropped packets are gone. (Wireshark automatically also assigned the RTCP packets to the correct port after I also decoded them as RTP, which was nice.) We observed normal non-voice Skype traffic is still there as well. Now I can listen to the call and hear the jitter there just as the end user did. What puzzles me is why this does not happen on a call with very low jitter. Is there some correlation? These captures are from the same user on the same day, with no PC changes in between. The good call has normal non-voice Skype traffic and a full RTP stream, no decoding necessary. Has anyone else seen this behavior?



What kind of cloud based VoIP are we talking about here (pun intended). Is it SIP based, or another signalling protocol?

Jaap (2018-09-13 16:39:55 +0000)

Thanks for responding. It is SIP-based and there appear to be no differences in the SIP traffic from the bad or good calls.

VoIP_Mortal (2018-09-13 16:50:39 +0000)

So, are you expecting the Skype packets in the captures?

Jaap (2018-09-13 18:27:16 +0000)

Yes, some of the Skype packets are there correctly.

VoIP_Mortal (2018-09-14 20:01:45 +0000)