Wireshark-users: Re: [Wireshark-users] Correct method to filter an RTP stream

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Wed, 23 Dec 2009 15:03:51 +0100
Hi,

Using setup frame should be fine, unless multiple RTP streams are setup.
Using SSRC should be fine, but your application seems to be reusing the
same every time.
I consider that last part an implementation error.

Thanks,
Jaap

On Wed, 23 Dec 2009 11:22:53 -0000, "Keith French"
<keithfrench@xxxxxxxxxxxxx> wrote:
> I have further found a difference in the number of frames displayed by
the
> two filter methods on my problematic trace.
> 
> rtp.setup-frame returns 4363 frames
> 
> SSID returns 5770
> 
> If I then do a "Show all streams" on the whole trace, all streams share
> the same SSID:-
> 
> 
> 
> Obviously looking at the first two streams, I can see where the packet
> loss is coming from when I filter on the SSID. Before I think of going
any
> further with it I would appreciate some guidance on which filter method
I
> should use.
> 
> Keith French.
> 
> 
> 
> From: Keith French 
> Sent: Wednesday, December 23, 2009 10:15 AM
> To: Wireshark-Users 
> Subject: [Wireshark-users] Correct method to filter an RTP stream
> 
> 
> I am running Wireshark V 1.2.5 on Windows 7 and I have a question on
what
> is the correct method to find all packets in an RTP stream from a trace
> that has multiple H.323 calls in it.
> 
> I use "VoIP Calls" and highlight the call I am interested in and click
> "Prepare Filter". This will give one or maybe a few RTP packets.
> 
> Originally I thought that the correct method was to use the RTP setup
> frame :-
> 
> rtp.setup-frame == 4
> 
> However, I was advised by someone that I should use the RTP SSID:-
> 
> rtp.ssrc == 0xb1854be7
> 
> I have a trace where if I filter on the SSID I get 95% RTP packet loss,
> but if I filter on it via the RTP setup frame, I get 0% RTP packet loss.
> 
> Which method should I be using?
> 
> Keith French
> 
> 
>
--------------------------------------------------------------------------------
> 
> 
>
___________________________________________________________________________
> Sent via:    Wireshark-users mailing list
<wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe