Wireshark · Ethereal-dev: Re: [Ethereal-dev] how to map RTP payload type to a protocol ?

Ethereal-dev: Re: [Ethereal-dev] how to map RTP payload type to a protocol ?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: PC Drew <drewpc@xxxxxxxxxxxxxxx>

Date: Tue, 01 Oct 2002 07:41:51 -0600

The problem that you're facing is that RTP doesn't define a very"unique" way to determine that this UDP data actually is RTP. So, asfar as I know, the only way you can automagically dissect UDP data asRTP is by capturing the control packets as well (i.e. SIP/SDP, IPDC,MGCP, RTCP, etc).

I haven't worked with RTP in about a year, so I'm a little rusty, but asI recall, you can determine the IP:Port information from the sessioncontrol packets (if they're captured as well) in the form of SIP/SDPpackets for example. I wrote some code a while back to decode definethe conversation from an SDP packet, but I don't think it ever gotchecked in (as I recall, it had a bunch of memory leaks and general "notgood code" problems).


Here's my original post:

http://marc.theaimsgroup.com/?l=ethereal-dev&m=99184276504320&w=2

And here was Guy Harris's response. I never took the patch any furtherthan my original post because I didn't have time:


http://marc.theaimsgroup.com/?l=ethereal-dev&m=99292667406710&w=2

Hope it helps!

Marco Molteni wrote:

Hi,

first of all, I would like to say a big THANK YOU to all the people
involved in Ethereal :-)

The following comes from a MPEG-4 streaming dump but the question is
more generic.

Real Time Protocol (RTP) has a dynamic range of payload types, from 96 to 127.
Ethereal shows (obviously) such RTP packets as payload type=Unknown.

One way to know the payload type is from a RTSP/SD packet.

Now, let's say I know the payload type, how do I tell ethereal to use
that payload type to dissect the RTP packet? Do I just write the
dissector and then use "Tools|Decode Packet As" to map the RTP protocol
type to my dissector?

Also, it seems to me that the "Decode Packet As" doesn't have the
granularity that I want, because it allows me to map, for example, UDP
plus a source/destination port to a protocol, while what I would like to
do is to map the RTP (contained in UDP) type field to a protocol. Any
suggestions?

thanks for your help
Marco
_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev




--
PC Drew
Manager, Client Services

IBSN
12600 W. Cedar Drive, Suite 100
Lakewood, CO 80228

Email: drewpc@xxxxxxxxxxxxxxx
Phone: 303-984-4727
Cell: 720-841-4543
Fax: 303-984-4730

Follow-Ups:
- Re: [Ethereal-dev] how to map RTP payload type to a protocol ?
  - From: Marco Molteni

Prev by Date: RE: [Ethereal-dev] RMI is gone
Next by Date: RE: [Ethereal-dev] RMI is gone
Previous by thread: [Ethereal-dev] Undocumented tvb* functions
Next by thread: Re: [Ethereal-dev] how to map RTP payload type to a protocol ?
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$