I am tapping into a RTP stream between host A and B with a passive Ethernet adaptor (See tutorials) Both interfaces on A and B are configured as 10bT full duplex.
When I tap into the RTP stream A>B I get the stream decoded as RTP
When I tap into the RTP stream B>A RTP is not recognized.
Below is the Hex Dump of the RTP packet:
HEX DUMP RTP B>A : no RTP recognition, UNICAST
0000 80 00 04 31 00 02 9e a0 44 5e 61 58 48 02 08 db ...1.... D^aXH... 0010 18 93 42 11 38 92 5a e1 4a 9a aa 5b bf 4e d5 f6 ..B.8.Z. J..[.N.. 0020 e8 d9 33 63 85 6e 9b b7 a8 ..3c.n.. .
HEX DUMP RTP A>B : with RTP recognition, MULTICAST
0000 80 00 1b 8d c9 f1 38 20 50 e1 5b 9c 48 8a 6a ba ......8 P.[.H.j. 0010 7a 10 d1 c1 0c 37 3d 83 95 64 bc d0 74 89 9c ed z....7=. .d..t... 0020 79 7b 23 31 95 46 d0 86 2f 51 19 8e 42 3b 4d a1 y{#1.F.. /Q..B;M. 0030 f5 fa 47 94 d1 59 85 96 71 4b b0 ..G..Y.. qK.
As you can see the first 4 octets in the RTP header are equal. The rest is time stamp and SSRC. What can make the difference? The only difference in the RTP streams is that A>B is multicast and B>A is unicast.
Regards Sporex
