Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 5693] SRTP packets wrongly marked as RTP

Wireshark-bugs: [Wireshark-bugs] [Bug 5693] SRTP packets wrongly marked as RTP

Date: Tue, 15 Feb 2011 11:52:15 -0800 (PST)

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5693

--- Comment #4 from Jaap Keuter <jaap.keuter@xxxxxxxxx> 2011-02-15 20:52:14 CET ---
(In reply to comment #3)
> Yes right, one more observation since Wireshark marks the packets based on the
> signalling (i.e. Offer), I started Wireshark to capture packets in pure SRTP
> mode, i.e. only one "m=" line in SDP with SAVP, after the signalling is done so
> wireshark has no idea what offer answer exchange happened, It is showing SRTP
> packets as RTP. Is there any way to mark the packets based on the packet
> contents as the SRTP packets will have an Auth Tag filed based on which it can
> be assured that it is a SRTP packet. Is there any plans to fix this.
> 
> Thanks,
> Ujjwal Singh

No, that's not possible. RTP payloads are highly varying between codecs and
codec parameters. There's no way to tell what it is, other than the applicable
signaling.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

References:
- [Wireshark-bugs] [Bug 5693] New: SRTP packets wrongly marked as RTP
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 5516] tshark -i - doesn't work if you don't have WinPcap installed
Next by Date: [Wireshark-bugs] [Bug 5516] tshark -i - doesn't work if you don't have WinPcap installed
Previous by thread: [Wireshark-bugs] [Bug 5693] SRTP packets wrongly marked as RTP
Next by thread: [Wireshark-bugs] [Bug 5365] Couldn't run dumpcap
Index(es):
- Date
- Thread