Ubaldi Fabio wrote:
<I am using Ethereal (version 0.9.9) to capture packets from a video streaming transmission on the
<client side. The streaming server is the Darwin one, and the player is QuickTime.
<I'd like to know your opinion about the fact that Ethereal cannot display RTP/RTSP packets
< (embedded in UDP packets), even if such protocols are enabled on the server side and inside Ethereal.
http://www.ethereal.com/faq.html#q5.21
Ethereal should recognize RTSP packets if they are sent on tcp port 554.
It seems that Ethereal doesn't support RTSP over UDP.
Ethereal may decode RTP/RTCP packets automatically if it sees the RTSP/SDP messages
(or H.323 signalling in case of H.323 traffic).
Otherwise you normally have to select one of those packages and use the menu item
"Decode As..." and select RTP as protocol (or RTCP).
I'm a bit tired on this, so I have written a plugin that does some heuristic checks on UDP
packets and calls the RTP/RTCP dissectors for packets that meets certain heuristics:
-Only packets with version bits equal to RTP version 2 are considered as possible RTP/RTCP packets.
-It is configurable if only RTP packets with CSRC counter value 0 shall be considered or if other values
also should be considered.
-It is configurable if only packets without Extension Header shall be considered or if also packets
with Extension header should be considered.
-It is configurable if only RTP packets on even port numbers should be considered, and
odd port numbers for RTCP.
-Source and destination port values should be in certain ranges (configurable from preferences).
-RTP Payload should have certain values (configurable as a string "0;8;31;34;").
-The payload size should have certain normal values for e.g. G.711, GSM and G.723.1
(this check is possible to turn-off).
-It is also possible to configure a list of ip-address that will need to match source and/or destination.
-For RTCP packets there are some more heuristic checks that can be done.
-The huristic dissection is possible to turn off with a preference setting.
I will send the source code to the list when I have added some more checks, cleaned the code up a bit
and tested it more.
Is there someone that has some more ideas of how to do heuristic checks on certain payloads or similar?
<I have just written an e-mail few seconds ago about RTP support by Ethereal.
<I forgot an important detail: I am doing streaming using MPEG-4 coding, and
<RTP version is done according to RFC 3016.
The MPEG-4 payload will however not be decoded. There is no MPEG4 dissector in Ethereal.
MPEG-4 is a dynamic payload so it's probably not possible to determine that it is MPEG-4
by just looking at the RTP packets. It could however be possible to determine this from the
RTSP/SDP messages, but currently this information is not passed to the RTP dissector (but I guess
it could be done in some way).