Wireshark-dev: Re: [Wireshark-dev] A Multicast RTP Question

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Wed, 28 Nov 2007 08:18:38 +0100
Hi Jack,

I think you're confused about how multicast works.

Let's start with some definitions. You talk about endpoints. That is a good abstraction. Let's define interface as a network interface on the endpoint, something you plug the network cable into.

This interface has an IP address, like 192.168.10.12/24. This is called a unicast addess. It's a unique identifier of the interface in the network and can be addressed across routers.

Let's define a multicast group as an arbitrary group of interfaces. The group has a multicast address, like 239.100.110.8. Like in real life, you're not by default part of a group, you'll have to join. Same thing for interfaces. Your program has to join the interface to the multicast group. This adds an address to the interface, so that packets addressed to the multicast group are sent up the IP protocol stack in the endpoint.

So if you send a packet to this group of interfaces, like you did from endpoint A, you'll see a packet on the network with unicast source address and multicast destination address. Now the receiving endpoints, like your endpoint B, receives the packet on its interface, which accepts the packet since it knows the multicast address. This happens on all interfaces which joined the group. How these packets actually get there is a whole different story.

Getting back your question, the packet stream with unicast source address and multicast destination address is the actual packet flow from the interface of endpoint A to the interface of endpoint B.

Hope it helps,
Jaap

Jack Liou wrote:
Hi,

I am trying Wireshark with a small multicast app.

Endpoint A sends RTP packets to a a multicast address, and endpoint B listens on the multicast address (Wireshark was launched on endpoint B).

From the captured file with capture filter "ip multicast", I can see the sending RTP stream (i.e. RTP:A--->multicast-addr), but not the receiving stream, i.e. RTP: multicast-addr--->B.

This is the default behavior or I need to change some configuration to see the receiving stream?

Cheers,

Jack