Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 11446] New: RTP is decoded as RTCP

Wireshark-bugs: [Wireshark-bugs] [Bug 11446] New: RTP is decoded as RTCP

Date: Mon, 17 Aug 2015 10:17:28 +0000

Bug ID	11446
Summary	RTP is decoded as RTCP
Product	Wireshark
Version	1.12.7
Hardware	x86-64
OS	Windows 7
Status	UNCONFIRMED
Severity	Major
Priority	Low
Component	Dissection engine (libwireshark)
Assignee	[email protected]
Reporter	[email protected]

Created attachment 13800 [details]
Contains two pcap files with example

Build Information:
Version 1.12.7 (v1.12.7-0-g7fc8978 from master-1.12)

Copyright 1998-2015 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with
GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares
1.9.1, with Lua 5.2, without Python, with GnuTLS 3.2.15, with Gcrypt 1.6.2,
without Kerberos, with GeoIP, with PortAudio V19-devel (built Aug 12 2015),
with
AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 3.2.15, Gcrypt 1.6.2, without AirPcap.
       Intel(R) Core(TM) i5-3360M CPU @ 2.80GHz, with 8065MB of physical
memory.


Built using Microsoft Visual C++ 10.0 build 40219
--
I got this situation during pcap files analysis:
- We setup first call with local rtp port 10533.
- This call is terminated after 14 sec.
- After 19  min another call is set up and we allocate port 10532 for it
When you see into the pcap file wireshark thinks that 10532 is RTP and 10533 is
RTCP despite of 10533 was used more early in another call!! And there wasn't
any info in SDP during calls setup that RTCP will be used.
I see this behavior periodically and it's not comfortable because I can't
analyze some RTP streams with wireshark.
In pcap files attached you can see this issue. They are identical except one of
them has two more SIP-packets at the end with port 10532 setup. If you'll do
filter udp.dstport == 10533 in both of them you'll see RTP stream in first file
and RTCP stream in second.

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 11446] RTP is decoded as RTCP
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11446] RTP is decoded as RTCP
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11446] RTP is decoded as RTCP
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11446] RTP is decoded as RTCP
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 11446] RTP is decoded as RTCP
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 11445] New: Wireshark Qt can't adjust the location of new added column in Appearance -> Columns
Next by Date: [Wireshark-bugs] [Bug 11446] RTP is decoded as RTCP
Previous by thread: [Wireshark-bugs] [Bug 11445] Wireshark Qt can't adjust the location of new added column in Appearance -> Columns
Next by thread: [Wireshark-bugs] [Bug 11446] RTP is decoded as RTCP
Index(es):
- Date
- Thread