Wireshark-bugs: [Wireshark-bugs] [Bug 1589] New: Wrong interpretation of RTP packets

Date: Mon, 7 May 2007 15:37:31 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1589

           Summary: Wrong interpretation of RTP packets
           Product: Wireshark
           Version: 0.99.5
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: takis.issaris@xxxxxxxxxxx


Build Information:
wireshark 0.99.5

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.10.11, with GLib 2.12.11, with libpcap 0.9.5, with libz
1.2.3, with libpcre 6.7, without Net-SNMP, with ADNS, with Lua 5.1, with GnuTLS
1.4.4, with Gcrypt 1.2.3, with MIT Kerberos, without PortAudio, without
AirPcap.

Running on Linux 2.6.20-15-generic, with libpcap version 0.9.5.

Built using gcc 4.1.2 (Ubuntu 4.1.2-0ubuntu4).

--
When inspecting RTP packets which have a payload type of 99 (H.264), Wireshark
0.99.4 and 0.99.5 interpret the packets incorrectly (AFAIK).

According to Wireshark they are indeed RTP packets with payload type 99
(H.264), but these RTP packets then contain "RFC2198: Redundant Audio Data",
which they don't. Ethereal 0.10.12 correctly shows the packets as RTP packets
of type 99 (H.264) and just shows the payload (which actually does contain
H.264) without further (incorrectly) decoding the contents.

So, Ethereal correctly shows:
Frame
 Ethernet
  IP
   UDP
    RTP

While Wireshark incorrectly shows:
Frame
 Ethernet
  IP
   UDP
    RTP
     RFC2198: Redundant Audio Data

When analyzing the RTP-stream and trying to save the payload, the generated
file is corrupt, as the first bytes of the RTP payload are interpreted as a
header of type "RFC2198: Redundant Audio Data".

Furthermore, I am not able to stop Wireshark from interpreting the payload of
the RTP packets. It seems that right clicking on the "RFC2198: Redun..." and
selecting "Decode as...", followed by a "Do not decode" and finally an "Apply"
should stop Wireshark from interpreting the payload contents of the RTP
packets, but it doesn't.


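The failure described in the report, reproduced as an added example (not part of the original report and not Wireshark's code): the same RTP packet with dynamic payload type 99 is extracted once as H.264 and once as RFC 2198, and the second reading eats the first payload byte. The function names, the `rtpmap` dictionary (standing in for whatever the session signalling negotiated) and the sample packet are assumptions constructed for the illustration.

```python
import struct

def parse_rtp(packet: bytes):
    """Parse an RFC 3550 RTP packet; return (payload_type, payload)."""
    if len(packet) < 12 or packet[0] >> 6 != 2:
        raise ValueError("not an RTP version 2 packet")
    b0 = packet[0]
    offset = 12 + 4 * (b0 & 0x0F)              # fixed header + CSRC list
    if b0 & 0x10:                              # X bit: header extension
        if len(packet) < offset + 4:
            raise ValueError("truncated header extension")
        (ext_words,) = struct.unpack_from("!H", packet, offset + 2)
        offset += 4 + 4 * ext_words
    end = len(packet)
    if b0 & 0x20:                              # P bit: last octet = pad count
        end -= packet[-1]
    if offset > end:
        raise ValueError("header or padding runs past the packet")
    return packet[1] & 0x7F, packet[offset:end]

def strip_rfc2198(payload: bytes) -> bytes:
    """Treat payload as RFC 2198 and return the primary block's data."""
    pos = redundant_len = 0
    while True:
        if pos >= len(payload):
            raise ValueError("truncated RFC 2198 header")
        if not payload[pos] & 0x80:            # F=0: final 1-byte header
            pos += 1
            break
        if pos + 4 > len(payload):
            raise ValueError("truncated RFC 2198 block header")
        # 4-byte header: F(1) PT(7) timestamp offset(14) block length(10)
        redundant_len += int.from_bytes(payload[pos:pos + 4], "big") & 0x3FF
        pos += 4
    return payload[pos + redundant_len:]

def extract_media(packet: bytes, rtpmap: dict) -> bytes:
    """Return the bytes a 'save payload' feature would write for this packet."""
    pt, payload = parse_rtp(packet)
    # Dynamic payload types (96-127) mean only what the session negotiated.
    if rtpmap.get(pt) == "red":
        return strip_rfc2198(payload)
    return payload

# Constructed sample: RTP header with PT 99, then a made-up H.264 NAL unit
# whose first byte 0x65 is the NAL header (forbidden_zero_bit = 0).
SAMPLE = bytes.fromhex("80630001000000001122334465888400")
```

Because the top bit of an H.264 NAL header is always zero, the RFC 2198 reading sees a one-byte primary header and drops it, so `extract_media(SAMPLE, {99: "red"})` returns the payload without its NAL header byte while `{99: "H264"}` returns it intact.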