Ask Your Question

How to capture RTP packets?

asked 2019-05-13 23:56:16 +0000

alohawireshark gravatar image

updated 2019-05-14 09:07:21 +0000

grahamb gravatar image

I am trying to find the clock drift information for each of the machines (e.g. my work laptop, my personal laptop, cell phone, etc.) using my router/Internet. Based on other posts [1][2], I am led to believe clock drift information can be found in RTP packets. However, after filtering for "rtp" packets in Wireshark, I find none.

According to [3], UDP packets can be converted into RTP packets. So, I tried enabling the "rtp_udp" protocol. I still only see UDP and no RTP packets. I also tried selecting a UDP packet then: Analyze -> Decode As -> RTP (in the Current column). It seems like the UDP packet is converted, but I don't see clock drift information.

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2019-05-14 09:12:31 +0000

grahamb gravatar image

I think you've made an invalid assumption here, in that the rtp clock drift calculation can actually be used to measure clock drift between machines in general.

RTP clock drift is between the machine sending RTP traffic and the receiver, so unless your hosts are actually sending RTP traffic, which they probably aren't, you won't be able to capture any RTP traffic, no matter how much you try to force Wireshark to decode UDP packets as RTP.

There are protocols and tools out there that actually determine clock drift as their purpose, e.g. ntp. Attempting to infer clock drift by capturing network packets is probably an exercise in frustration.

edit flag offensive delete link more


thank you. that is helpful information

alohawireshark gravatar imagealohawireshark ( 2019-05-14 14:04:28 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools


Asked: 2019-05-13 23:56:16 +0000

Seen: 3,251 times

Last updated: May 14 '19