Ethereal-dev: Re: [Ethereal-dev] RE: [Ethereal-users] Not seeing RTP or RTCP tr affic on Win2K

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <guy@xxxxxxxxxx>
Date: Wed, 17 Apr 2002 15:21:37 -0700
On Wed, Apr 17, 2002 at 06:13:42PM -0400, Ed Warnicke wrote:
> 	I suspect that sniffer is identifying the RTP packets by
> looking at the session setup protocols ( MGCP/H323/SIP/Megaco ) 
> which negotiate those RTP streams between the parties on the 
> network.

If that's what it's doing, then he must've sliced some packets out of
the trace he sent, because it contains *only* RTP packets - no session
setup packets of any sort.

However, the printed dissection of the trace from the Sniffer *starts*
with an RTP packet, so I suspect he sent us the full trace in which the
Sniffer saw RTP packets.  If so, they're presumably using a heuristic,
or the Sniffer saw but didn't save to the file the session setup packets
*and* stored in some unknown place in the file information sufficient to
tell it that the packets in question were RTP, or something such as
that.

> Ethereal could do this, but currently doesn't.

It does it for RTSP, at least.