Wireshark mailing list archives

Re: Correct method to filter an RTP stream


From: Jaap Keuter <jaap.keuter () xs4all nl>
Date: Wed, 23 Dec 2009 15:03:51 +0100

Hi,

Using setup frame should be fine, unless multiple RTP streams are set up.
Using SSRC should be fine, but your application seems to be reusing the
same every time.
I consider that last part an implementation error.

Thanks,
Jaap

On Wed, 23 Dec 2009 11:22:53 -0000, "Keith French"
<keithfrench () btconnect com> wrote:
I have further found a difference in the number of frames displayed by
the two filter methods on my problematic trace.

rtp.setup-frame returns 4363 frames

SSID returns 5770

If I then do a "Show all streams" on the whole trace, all streams share
the same SSID:-



Obviously looking at the first two streams, I can see where the packet
loss is coming from when I filter on the SSID. Before I think of going
any further with it I would appreciate some guidance on which filter
method I should use.

Keith French.



From: Keith French 
Sent: Wednesday, December 23, 2009 10:15 AM
To: Wireshark-Users 
Subject: [Wireshark-users] Correct method to filter an RTP stream


I am running Wireshark V 1.2.5 on Windows 7 and I have a question on
what is the correct method to find all packets in an RTP stream from a
trace that has multiple H.323 calls in it.

I use "VoIP Calls" and highlight the call I am interested in and click
"Prepare Filter". This will give one or maybe a few RTP packets.

Originally I thought that the correct method was to use the RTP setup
frame :-

rtp.setup-frame == 4

However, I was advised by someone that I should use the RTP SSID:-

rtp.ssrc == 0xb1854be7

I have a trace where if I filter on the SSID I get 95% RTP packet loss,
but if I filter on it via the RTP setup frame, I get 0% RTP packet loss.

Which method should I be using?

Keith French



--------------------------------------------------------------------------------



___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________
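
Added example, not part of the original thread or of Wireshark: a sketch of why selecting on SSRC alone reports heavy loss when two calls reuse one SSRC, while keeping each flow separate reports none. The addresses, ports and sequence numbers are constructed, and the loss figure is a simplified expected-versus-received count that ignores sequence wraparound.

```python
import struct
from collections import defaultdict

SSRC = 0xB1854BE7  # SSRC value quoted in the thread

def rtp(seq, ssrc, pt=8, ts=0):
    """Build a minimal 12-byte RTP header (version 2, no CSRC list)."""
    return struct.pack("!BBHII", 0x80, pt, seq, ts, ssrc)

def parse_rtp(data):
    """Return (seq, ssrc), or None if the bytes are not an RTP v2 header."""
    if len(data) < 12 or data[0] >> 6 != 2:
        return None
    _, _, seq, _, ssrc = struct.unpack("!BBHII", data[:12])
    return seq, ssrc

def loss_pct(seqs):
    """Simplified loss: expected = max - first + 1, wraparound ignored."""
    expected = max(seqs) - seqs[0] + 1
    return round(100.0 * (expected - len(set(seqs))) / expected, 1)

def analyse(packets, key):
    """Group packets by key(pkt, ssrc) and return {group: loss percent}."""
    groups = defaultdict(list)
    for pkt in packets:
        parsed = parse_rtp(pkt[4])
        if parsed:
            groups[key(pkt, parsed[1])].append(parsed[0])
    return {k: loss_pct(v) for k, v in groups.items()}

def by_ssrc(pkt, ssrc):
    return ssrc  # what a filter on the SSRC alone selects

def by_flow(pkt, ssrc):
    return pkt[:4] + (ssrc,)  # addresses and ports plus SSRC

def build_capture():
    """Constructed capture: two interleaved calls that reuse one SSRC."""
    pkts = []
    for i in range(50):
        pkts.append(("10.0.0.1", 5004, "10.0.0.2", 6000, rtp(100 + i, SSRC)))
        pkts.append(("10.0.0.1", 5006, "10.0.0.3", 6002, rtp(2000 + i, SSRC)))
    return pkts

if __name__ == "__main__":
    print("SSRC only:  ", analyse(build_capture(), by_ssrc))
    print("flow + SSRC:", analyse(build_capture(), by_flow))
```

The merged group jumps between the two calls' sequence ranges, so the gap between them is counted as loss even though no packet of either call is missing.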