Wireshark-users: Re: [Wireshark-users] rtcp information capture

From: "Luis EG Ontanon" <luis@xxxxxxxxxxx>
Date: Thu, 17 Jul 2008 14:36:40 +0200
I do not think that's his problem:
He's not capturing RTP (Real Time Proto), he's capturing RTCP (RT
Control P) so he's not getting the media, he's getting only control
information for the media.

If what he wants is the media (to find out Timestamps, jitter and the
such) he'll have to capture RTP as well as RTCP. RTCP is supposed to
be sent one port below RTCP.

So for getting the media he'll want:
tshark -f "udp port 12000 or udp port 12001" -d "udp.port==12000,rtp" -d "udp.port==12001,rtcp"

Then he can use the RTP analysis tab to analyze jitter and the such,
on RTP not on RTCP.

\Lego

On Thu, Jul 17, 2008 at 1:52 PM, Abhik Sarkar <sarkar.abhik@xxxxxxxxx> wrote:
>
>
> Looking at the Wiki page, it seems that certain calculations are
> turned off by default:
> http://wiki.wireshark.org/RTCP
>
> It looks like you will have to add something like "-o
> rtcp.heuristic_rtcp=TRUE -o rtcp.show_roundtrip_calculation=TRUE" to
> your second command line.
>
> HTH
> Abhik
>
> PS: Disclaimer: I know nothing about rtcp... just trying to help. 0:-)
>
> On Thu, Jul 17, 2008 at 12:54 PM, Ammar Lilamwala
> <ammar.lilamwala@xxxxxxxxx> wrote:
>> hi all
>>
>> I used the command
>>
>> tshark -d udp.port==12001,rtcp -e rtcp.ssrc.fraction -e rtcp.ssrc.dlsr -e rtcp.ssrc.jitter -R "rtcp" -S -T fields -V >log.txt
>> I am getting the rtcp information printed in log.txt file
>>
>> Can anyone explain why, when I type the following command, I don't get
>> any information stored at all?
>>
>> tshark -d udp.port==12001,rtcp -e rtcp.roundtrip-delay -e rtcp.xr.stats.lost -e rtcp.xr.voipmetrics.rfactor -R "rtcp" -S -T fields -V >log.txt
>>
>> I am guessing that these fields don't exist in the packet, that's why? Or that
>> only the ssrc information can be captured by the display filter.
>>
>> Should that be the case, can you please tell me what I should do if I want to
>> calculate the above metrics.
>> I tried using the -z option in tshark but it seems to be very complicated. A
>> link for the usage of -z option in tshark would also be very helpful.
>>
>> regards
>> ammar
>>
>> _______________________________________________
>> Wireshark-users mailing list
>> Wireshark-users@xxxxxxxxxxxxx
>> https://wireshark.org/mailman/listinfo/wireshark-users



-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
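
As an added illustration (not part of the original thread, and not Wireshark code): the fields in the first command, rtcp.ssrc.fraction, rtcp.ssrc.jitter and rtcp.ssrc.dlsr, sit directly in an RTCP receiver report block, whereas a round-trip delay has to be computed per RFC 3550 from LSR, DLSR and the report's arrival time. The Python below parses a constructed receiver report and performs that calculation; the function names, SSRC values and timestamps are assumptions made up for the example.

```python
import struct

RTCP_RR = 201  # receiver report packet type (RFC 3550)

def parse_rr(pkt: bytes) -> list[dict]:
    """Return the report blocks of one RTCP receiver report."""
    if len(pkt) < 8:
        raise ValueError("truncated RTCP header")
    first, ptype, words = struct.unpack_from("!BBH", pkt, 0)
    count = first & 0x1F                      # reception report count
    if first >> 6 != 2 or ptype != RTCP_RR:
        raise ValueError("not an RTCP version 2 receiver report")
    needed = 8 + 24 * count                   # header + sender SSRC + blocks
    if (words + 1) * 4 < needed or len(pkt) < needed:
        raise ValueError("report count exceeds packet length")
    blocks = []
    for i in range(count):
        ssrc, lost, _seq, jitter, lsr, dlsr = struct.unpack_from(
            "!6I", pkt, 8 + 24 * i)
        blocks.append({
            "ssrc": ssrc,
            "fraction": lost >> 24,   # rtcp.ssrc.fraction, in 1/256ths
            "jitter": jitter,         # rtcp.ssrc.jitter, RTP timestamp units
            "lsr": lsr,               # middle 32 bits of the last SR's NTP time
            "dlsr": dlsr,             # rtcp.ssrc.dlsr, in 1/65536 s
        })
    return blocks

def roundtrip_seconds(arrival: int, lsr: int, dlsr: int):
    """RFC 3550 round trip: arrival - LSR - DLSR, all in 1/65536 s units."""
    if lsr == 0:
        return None                   # receiver has not seen an SR yet
    return ((arrival - lsr - dlsr) & 0xFFFFFFFF) / 65536.0

# Constructed sample: one RR carrying a single report block.
SAMPLE_RR = struct.pack("!BBHI6I", 0x81, RTCP_RR, 7, 0x11111111,
                        0x22222222, (32 << 24) | 5, 1000, 160,
                        0xB7052000, 0x00054000)
SAMPLE_ARRIVAL = 0xB7108000  # constructed: NTP middle 32 bits at RR arrival

if __name__ == "__main__":
    for b in parse_rr(SAMPLE_RR):
        rtt = roundtrip_seconds(SAMPLE_ARRIVAL, b["lsr"], b["dlsr"])
        print(f"ssrc={b['ssrc']:#x} fraction={b['fraction']}/256 "
              f"jitter={b['jitter']} dlsr={b['dlsr'] / 65536:.3f}s rtt={rtt}")
```

The round trip can only be computed by the side that sent the SR and then received the matching RR, so a capture containing one direction of RTCP has the raw LSR and DLSR values but no usable arrival reference.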