Hi,
Using setup frame should be fine, unless multiple RTP streams are setup.
Using SSRC should be fine, but your application seems to be reusing the
same every time.
I consider that last part an implementation error.
Thanks,
Jaap
On Wed, 23 Dec 2009 11:22:53 -0000, "Keith French"
<keithfrench@xxxxxxxxxxxxx> wrote:
> I have further found a difference in the number of frames displayed by
the
> two filter methods on my problematic trace.
>
> rtp.setup-frame returns 4363 frames
>
> SSID returns 5770
>
> If I then do a "Show all streams" on the whole trace, all streams share
> the same SSID:-
>
>
>
> Obviously looking at the first two streams, I can see where the packet
> loss is coming from when I filter on the SSID. Before I think of going
any
> further with it I would appreciate some guidance on which filter method
I
> should use.
>
> Keith French.
>
>
>
> From: Keith French
> Sent: Wednesday, December 23, 2009 10:15 AM
> To: Wireshark-Users
> Subject: [Wireshark-users] Correct method to filter an RTP stream
>
>
> I am running Wireshark V 1.2.5 on Windows 7 and I have a question on
what
> is the correct method to find all packets in an RTP stream from a trace
> that has multiple H.323 calls in it.
>
> I use "VoIP Calls" and highlight the call I am interested in and click
> "Prepare Filter". This will give one or maybe a few RTP packets.
>
> Originally I thought that the correct method was to use the RTP setup
> frame :-
>
> rtp.setup-frame == 4
>
> However, I was advised by someone that I should use the RTP SSID:-
>
> rtp.ssrc == 0xb1854be7
>
> I have a trace where if I filter on the SSID I get 95% RTP packet loss,
> but if I filter on it via the RTP setup frame, I get 0% RTP packet loss.
>
> Which method should I be using?
>
> Keith French
>
>
>
--------------------------------------------------------------------------------
>
>
>
___________________________________________________________________________
> Sent via: Wireshark-users mailing list
<wireshark-users@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe