Wireshark-users: Re: [Wireshark-users] SIP SDP RTP correlation

From: "Martin Mathieson" <martin.r.mathieson@xxxxxxxxxxxxxx>
Date: Thu, 8 May 2008 16:04:58 +0100
For each media session  the SDP  dissector reads, it looks at the type of media it is. If its RTP, it passes on the server IP address, UDP port number, payload type numbers, codecs, setup frame number, setup method ("SDP") to the RTP dissector.

When the RTP dissector sees an RTP frame that matches the dest address IP address and UDP port number it tags it with the stored setup information (setup frame number and setup method).

On Wed, May 7, 2008 at 9:45 PM, Jamaal Savwoir <jsavwoir@xxxxxxxxxxxxx> wrote:
How does Wireshark match the packets of a particular RTP stream to the
SIP messages (with SDP info in the message body) that set up and tear
down the call? If I look at a RTP frame, I see 'Stream setup by SDP
(frame x)' in the Real-Time Transport Protocol section, but nothing else
about the data displayed seems to tie that frame to the SIP frame that
contains the SDP session info in the message body.

Any help you can provide will be greatly appreciated.

Thanks

Jamaal Savwoir
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users