Wireshark-users: Re: [Wireshark-users] [Wireshark-dev] RTCP Frame length check: Wrong

From: "Anders Broman" <a.broman@xxxxxxxxx>
Date: Tue, 14 Apr 2009 07:31:52 +0200
Most applications tend to use the signalled RTP port pair
As SRC and DST.

A -- SDP port Y--> B
  <--- SDP port-- X

-- RTP SRC Y DST X -->
<-- RTP SRC X DST Y

Some Firewalls assumes this and will block traffic not following this
"rule". I haven't found any RFC to support the above behaviour but in 
Practice almost every one seems to follow it and it seems like a good idea
to design your application that way as there may be interworking problems
otherwise.
Regards
Anders


-----Ursprungligt meddelande-----
Från: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] För Guy Harris
Skickat: den 14 april 2009 00:41
Till: Community support list for Wireshark
Kopia: shivani matta
Ämne: Re: [Wireshark-users] [Wireshark-dev] RTCP Frame length check: Wrong


On Apr 10, 2009, at 9:17 PM, Guy Harris wrote:

>
> On Apr 10, 2009, at 11:56 AM, Guy Harris wrote:
>
>> Packet 63 in the capture you sent, which only dissect as RTCP in my
>> version of Wireshark if you explicitly use "Decode As" - even the
>> heuristics aren't recognizing it as RTCP.
>
> I'll see whether the heuristics can be changed.

They were checking both the source and destination port, for both RTP  
(checking for even ports) and RTCP (checking for odd ports).  RFC 3550  
says, in section 11 "RTP over Network and Transport Protocols":

    RTP relies on the underlying protocol(s) to provide demultiplexing  
of
    RTP data and RTCP control streams.  For UDP and similar protocols,
    RTP SHOULD use an even destination port number and the corresponding
    RTCP stream SHOULD use the next higher (odd) destination port  
number.
    For applications that take a single port number as a parameter and
    derive the RTP and RTCP port pair from that number, if an odd number
    is supplied then the application SHOULD replace that number with the
    next lower (even) number to use as the base of the port pair.  For
    applications in which the RTP and RTCP destination port numbers are
    specified via explicit, separate parameters (using a signaling
    protocol or other means), the application MAY disregard the
    restrictions that the port numbers be even/odd and consecutive
    although the use of an even/odd port pair is still encouraged.  The
    RTP and RTCP port numbers MUST NOT be the same since RTP relies on
    the port numbers to demultiplex the RTP data and RTCP control
    streams.

That says nothing about the source port; I've removed the source port  
checks from the RTP and RTCP heuristic dissectors.  We'll see whether  
that results in any packets being misidentified as RTP or RTCP.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
 
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe