I am trying to find the clock drift information for each of the machines (e.g. my work laptop, my personal laptop, cell phone, etc.) using my router/Internet. Based on other posts [1][2], I am led to believe clock drift information can be found in RTP packets. However, after filtering for "rtp" packets in Wireshark, I find none.

According to [3], UDP packets can be converted into RTP packets. So, I tried enabling the "rtp_udp" protocol. I still only see UDP and no RTP packets. I also tried selecting a UDP packet then: Analyze -> Decode As -> RTP (in the Current column). It seems like the UDP packet is converted, but I don't see clock drift information.

I think you've made an invalid assumption here, in that the rtp clock drift calculation can actually be used to measure clock drift between machines in general.

RTP clock drift is between the machine sending RTP traffic and the receiver, so unless your hosts are actually sending RTP traffic, which they probably aren't, you won't be able to capture any RTP traffic, no matter how much you try to force Wireshark to decode UDP packets as RTP.

There are protocols and tools out there that actually determine clock drift as their purpose, e.g. ntp. Attempting to infer clock drift by capturing network packets is probably an exercise in frustration.

thank you. that is helpful information

alohawireshark ( 2019-05-14 14:04:28 +0000 )

