Wireshark-users: Re: [Wireshark-users] Wireshark-users Digest, Vol 59, Issue 10
From: Barry Constantine <Barry.Constantine@xxxxxxxx>
Date: Wed, 13 Apr 2011 10:17:26 -0700
Hello,

This is chained to the original VoIP analysis question that I asked last week.

I conducted a packet capture of a VoIP call when using the Microsoft Communicator audio (and USB headset).

I can open the attached capture file and decode as RTP, but doing a stream analysis does not allow me to view any graphs or listen to the call.

I am using Wireshark version 1.4.

If any can look at the attached capture (small sample), it would be appreciated.

Thanks,
Barry

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of wireshark-users-request@xxxxxxxxxxxxx
Sent: Tuesday, April 12, 2011 3:00 PM
To: wireshark-users@xxxxxxxxxxxxx
Subject: Wireshark-users Digest, Vol 59, Issue 10

Send Wireshark-users mailing list submissions to
wireshark-users@xxxxxxxxxxxxx

To subscribe or unsubscribe via the World Wide Web, visit
https://wireshark.org/mailman/listinfo/wireshark-users
or, via email, send a message with subject or body 'help' to
wireshark-users-request@xxxxxxxxxxxxx

You can reach the person managing the list at
wireshark-users-owner@xxxxxxxxxxxxx

When replying, please edit your Subject line so it is more specific than "Re: Contents of Wireshark-users digest..."

Today's Topics:

1. Wireshark runtime error in readin TCPDump trace (Alireza Attar)
2. Re: Wireshark-users Digest, Vol 59, Issue 9 (Barry Constantine)
3. Re: Wireshark runtime error in readin TCPDump trace (Stephen Fisher)
4. Wireshark 1.5.1 is now available (Gerald Combs)
5. Error: invalid command name "errOut" (Vinay Kumar)
6. Re: VoIP RTP Analysis, Lost Packet Analysis (Martin Visser)
7. Re: VoIP RTP Analysis, Lost Packet Analysis (RUOFF, LARS (LARS)** CTR **)
8. Re: Error: invalid command name "errOut" (Jaap Keuter)

----------------------------------------------------------------------

Message: 1
Date: Mon, 11 Apr 2011 12:21:49 -0700 (PDT)
From: "Alireza Attar" <attar@xxxxxxxxxx>
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Wireshark runtime error in readin TCPDump trace
Message-ID: <yx4dMRye.1302549709.6705110.attar@localhost>
Content-Type: text/plain; charset=ISO-8859-1

Hi all,

I am trying to read a TCPDump file available on the web (see below link) using WireShark.

http://www.thefengs.com/wuchang/work/cstrike/tcpdump.11Apr0855.04

I have tried both a Windows based machine and a linux machine to read the file. However in both cases after about 19%-20% of data is read the Wireshark crashes with runtime error message. Is this related to the size of the trace I am reading, memory issue on my machine or an error in the trace.

Any feedback is appreciated.

Regards,
Ali

------------------------------

Message: 2
Date: Mon, 11 Apr 2011 12:55:55 -0700
From: Barry Constantine <Barry.Constantine@xxxxxxxx>
To: "wireshark-users@xxxxxxxxxxxxx" <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Wireshark-users Digest, Vol 59, Issue 9
Message-ID: <94DEE80C63F7D34F9DC9FE69E39436BE3A0451B524@xxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="us-ascii"

OK, it must have been captured on a SPAN port and it has duplicate packets in it.

Thanks a lot Lars!
Barry

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of wireshark-users-request@xxxxxxxxxxxxx
Sent: Monday, April 11, 2011 3:00 PM
To: wireshark-users@xxxxxxxxxxxxx
Subject: Wireshark-users Digest, Vol 59, Issue 9

Today's Topics:

1. Re: Wireshark-users Digest, Vol 59, Issue 8 (Barry Constantine)
2. Re: Wireshark-users Digest, Vol 59, Issue 8 (Boonie)
3. Re: VoIP RTP Analysis, Lost Packet Analysis (RUOFF, LARS (LARS)** CTR **)
4. Re: Wireshark-users Digest, Vol 59, Issue 8 (j.snelders)

----------------------------------------------------------------------

Message: 1
Date: Sun, 10 Apr 2011 12:05:35 -0700
From: Barry Constantine <Barry.Constantine@xxxxxxxx>
To: "wireshark-users@xxxxxxxxxxxxx" <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Wireshark-users Digest, Vol 59, Issue 8
Message-ID: <54877A58-BA2A-47EA-B409-998E14218EEB@xxxxxxxx>
Content-Type: text/plain; charset="us-ascii"

Sure, but where do I post the capture file to?
Thanks,
Barry

On Apr 10, 2011, at 3:02 PM, "wireshark-users-request@xxxxxxxxxxxxx" <wireshark-users-request@xxxxxxxxxxxxx> wrote:

> Today's Topics:
>
> 1. Re: VoIP RTP Analysis, Lost Packet Analysis (Jake Peavy)
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 9 Apr 2011 19:20:42 -0600
> From: Jake Peavy <djstunks@xxxxxxxxx>
> To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
> Subject: Re: [Wireshark-users] VoIP RTP Analysis, Lost Packet Analysis
> Message-ID: <BANLkTi=5Ngzq5OJ6jx51VZ0UegZRRzLLFg@xxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="windows-1252"
>
> On Sat, Apr 9, 2011 at 8:23 AM, Barry Constantine <Barry.Constantine@xxxxxxxx> wrote:
>
>> Hi,
>>
>> I am analyzing VoIP capture files in Wireshark 1.4 and am confused about
>> the RTP analysis results.
>>
>> The jitter results match what I expect, but the packet loss results do not.
>>
>> I know for a fact that the file contains no packet loss and yet the RTP
>> analysis screen reports all packets as lost "negatively" (and gives an odd
>> -100% value).
>>
>> Any ideas?
>
> Can you post a sample capture?
>
> --
> -jp
>
> They were a proud people. In fact, some said they were too proud. If you
> asked them why they were so proud, they'd just laugh and say, "We're not
> even going to answer that."
> Later, they were tied to the bumper of a car and
> dragged around the block, as onlookers shrieked with delight. But one old
> man, who had a banjo, just shook his head and walked away. The crowd noticed
> this and set him on fire.
>
> deepthoughtsbyjackhandey.com
>
> ------------------------------
>
> End of Wireshark-users Digest, Vol 59, Issue 8
> **********************************************

------------------------------

Message: 2
Date: Mon, 11 Apr 2011 07:38:35 +0200
From: "Boonie" <newsboonie@xxxxxxxxx>
To: <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Wireshark-users Digest, Vol 59, Issue 8
Message-ID: <5D2A5A3B66F6488F95338284682777CC@AMD>
Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original

----- Original Message -----
From: "Barry Constantine" <Barry.Constantine@xxxxxxxx>
To: <wireshark-users@xxxxxxxxxxxxx>
Sent: Sunday, April 10, 2011 9:05 PM
Subject: Re: [Wireshark-users] Wireshark-users Digest, Vol 59, Issue 8

> Sure, but where do I post the capture file to?
>
> Thanks, Barry

You may want to post it here: http://www.cloudshark.org/

But, be aware it is public and you can not erase it.
Dave

------------------------------

Message: 3
Date: Mon, 11 Apr 2011 09:30:22 +0200
From: "RUOFF, LARS (LARS)** CTR **" <lars.ruoff@xxxxxxxxxxxxxxxxxx>
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] VoIP RTP Analysis, Lost Packet Analysis
Message-ID: <23C6087F32FB3A43941E25922F87538E21E556F606@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="us-ascii"

What you describe can happen if you have all packets as duplicates or if they all have the same RTP sequence number.
Your sample capture file will tell us.
If you limit the file to a reasonable size (10 successive RTP packets from the stream will be sufficient to see where the problem is), there's no problem for posting it as an attachment on this list.

Lars

________________________________
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Barry Constantine
Sent: samedi 9 avril 2011 16:24
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] VoIP RTP Analysis, Lost Packet Analysis

Hi,

I am analyzing VoIP capture files in Wireshark 1.4 and am confused about the RTP analysis results.

The jitter results match what I expect, but the packet loss results do not.

I know for a fact that the file contains no packet loss and yet the RTP analysis screen reports all packets as lost "negatively" (and gives an odd -100% value).

Any ideas?

Thanks,
Barry

------------------------------

Message: 4
Date: Mon, 11 Apr 2011 10:52:47 +0200
From: "j.snelders" <j.snelders@xxxxxxxxxx>
To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Wireshark-users Digest, Vol 59, Issue 8
Message-ID: <4CA9A73F000A1BF5@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="US-ASCII"

You can also use YouSendIt: www.yousendit.com
It is free for files up to 100MB.
My best
Joke

On Mon, 11 Apr 2011 07:38:35 +0200 Boonie wrote:
>----- Original Message -----
>From: "Barry Constantine" <Barry.Constantine@xxxxxxxx>
>To: <wireshark-users@xxxxxxxxxxxxx>
>Sent: Sunday, April 10, 2011 9:05 PM
>Subject: Re: [Wireshark-users] Wireshark-users Digest, Vol 59, Issue 8
>
>> Sure, but where do I post the capture file to?
>>
>> Thanks, Barry
>
>You may want to post it here: http://www.cloudshark.org/
>
>But, be aware it is public and you can not erase it.
>
>Dave

------------------------------

End of Wireshark-users Digest, Vol 59, Issue 9
**********************************************

------------------------------

Message: 3
Date: Mon, 11 Apr 2011 14:58:31 -0600
From: Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx>
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Wireshark runtime error in readin TCPDump trace
Message-ID: <20110411205831.GA96348@xxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=us-ascii

On Mon, Apr 11, 2011 at 12:21:49PM -0700, Alireza Attar wrote:

> I have tried both a Windows based machine and a linux machine to read
> the file. However in both cases after about 19%-20% of data is read
> the Wireshark crashes with runtime error message. Is this related to
> the size of the trace I am reading, memory issue on my machine or an
> error in the trace. Any feedback is appreciated.

You're probably just running out of memory. I've loaded 46% of that file so far (752MB) and it's consuming 3.5GB of RAM.
See this web page for more details:

http://wiki.wireshark.org/KnownBugs/OutOfMemory

------------------------------

Message: 4
Date: Mon, 11 Apr 2011 14:00:48 -0700
From: Gerald Combs <gerald@xxxxxxxxxxxxx>
To: wireshark-announce@xxxxxxxxxxxxx, Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>, Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Subject: [Wireshark-users] Wireshark 1.5.1 is now available
Message-ID: <4DA36C00.5020806@xxxxxxxxxxxxx>
Content-Type: text/plain; charset=UTF-8

I'm proud to announce the release of Wireshark 1.5.1. This is an experimental release intended to test features that will go into Wireshark 1.6.

What is Wireshark?

Wireshark is the world's most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.

What's New

Bug Fixes

The following bugs have been fixed:

o Wireshark is unresponsive when capturing from named pipes on Windows. (Bug 1759)
o Ring buffers are no longer turned on by default when using multiple capture files.

New and Updated Features

The following features are new (or have been significantly updated) since version 1.4:

o Wireshark can import text dumps, similar to text2pcap.
o You can now view Wireshark's dissector tables (for example the TCP port to dissector mappings) from the main window.
o TShark can show a specific occurrence of a field when using '-T fields'.
o Custom columns can show a specific occurrence of a field.
o You can hide columns in the packet list.
o Wireshark can now export SMB objects.
o dftest and randpkt now have manual pages.
o TShark can now display iSCSI service response times.
o Dumpcap can now save files with a user-specified group id.
o Syntax checking is done for capture filters.
o You can display the compiled BPF code for capture filters in the Capture Options dialog.
o You can now navigate backwards and forwards through TCP and UDP sessions using Ctrl+, and Ctrl+.
o Packet length is (finally) a default column.
o TCP window size is now available both scaled and unscaled. A TCP window scaling graph is available in the GUI.
o 802.1q VLAN tags are now shown by the Ethernet II dissector.
o Various dissectors now display some UTF-16 strings as proper Unicode including the DCE/RPC and SMB dissectors.
o The RTP player now has an option to show the time of day in the graph in addition to the seconds since beginning of capture.
o The RTP player now shows why media interruptions occur.
o Graphs now save as PNG images by default.
o TShark can read and write host name information from and to pcapng-formatted files. Wireshark can read it. TShark can dump host name information via [-z hosts]
o The tshark -z option now uses the [-z <proto>,srt] syntax instead of [-z <proto>,rtt] for all protocols that support service response time statistics. This syntax now matches Wireshark's syntax for this option.

New Protocol Support

ADwin, ADwin-Config, Apache Etch, Aruba PAPI, Babel Routing Protocol, Constrained Application Protocol (COAP), Digium TDMoE, Erlang Distribution Protocol, Ether-S-I/O, FastCGI, Fibre Channel over InfiniBand (FCoIB), Gopher, Gigamon GMHDR, IDMP, Infiniband Socket Direct Protocol (SDP), JSON, LISP Data, MikroTik MAC-Telnet, Mongo Wire Protocol, Network Monitor 802.11 radio header, OPC UA ExtensionObjects, PPI-GEOLOCATION-GPS, ReLOAD, ReLOAD Framing, RSIP, SAMETIME, SCoP, SGSAP, Tektronix Teklink, WAI authentication, Wi-Fi P2P (Wi-Fi Direct)

Updated Protocol Support

New and Updated Capture File Support

Apple PacketLogger, Catapult DCT2000, Daintree SNA, Endace ERF, HP OpenVMS TCPTrace, IPFIX (the file format, not the protocol), Lucent/Ascend debug, Microsoft Network Monitor, Network Instruments, TamoSoft CommView

Digests
------------------------------

Message: 5
Date: Tue, 12 Apr 2011 10:55:51 +0530
From: Vinay Kumar <vinaykumar.l@xxxxxxxxxxxxxxxxxx>
To: wireshark-users@xxxxxxxxxxxxx
Cc: Vinay Kumar <vinaykumar.l@xxxxxxxxxxxxxxxxxx>
Subject: [Wireshark-users] Error: invalid command name "errOut"
Message-ID: <4DA3E25F.2090807@xxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"

Hi All,

I am getting following Wireshark error during TCLSim Setup for Analyzer:

*/invalid command name "errOut"
invalid command name "errOut"
    while executing
"errOut "Error in $ANALYZER_BIN_DIR/tshark.exe -D command. This may occur because Wireshark has never executed and had the Preference information saved..."
    invoked from within
"if [catch {exec $ANALYZER_BIN_DIR/tshark.exe -D} ALL_INTERFACE] {
    errOut "Error in $ANALYZER_BIN_DIR/tshark.exe -D command. This may occur ..."
    ("wireshark" arm line 16)
    invoked from within
"switch $module {
    ethereal {
        # Source global variables
        global ANALYZER_BIN_DIR
        if {$ANALYZER_BIN_DIR == ""} {
            tk_messageBox -par..."
    (procedure "SelectAnalyzerInterface" line 3)
    invoked from within
"SelectAnalyzerInterface $ANALYZER_PARSER"
    invoked from within
".setup.notebook.fSEC.frame1.analyzerFrame.captButton invoke"
    ("uplevel" body line 1)
    invoked from within
"uplevel #0 [list $w invoke]"
    (procedure "tk::ButtonUp" line 24)
    invoked from within
"tk::ButtonUp .setup.notebook.fSEC.frame1.analyzerFrame.captButton"
    (command bound to event)/*

The version of Wireshark Used is *0.99.7*. Please let me know the reason for getting this error and changes in Wireshark settings required.

Thanks & Best Regards,
Vinay

------------------------------

Message: 6
Date: Tue, 12 Apr 2011 19:16:04 +1000
From: Martin Visser <martinvisser99@xxxxxxxxx>
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] VoIP RTP Analysis, Lost Packet Analysis
Message-ID: <BANLkTinJayiMvsb125=YYVC5cyQYc6fMjg@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="utf-8"

I can't imagine any normal network where you would get duplicate RTP packets (they are UDP datagrams, so who is going to resend them?)

Regards, Martin

MartinVisser99@xxxxxxxxx

On 11 April 2011 17:30, RUOFF, LARS (LARS)** CTR ** <lars.ruoff@xxxxxxxxxxxxxxxxxx> wrote:

> What you describe can happen if you have all packets as duplicates or if
> they all have the same RTP sequence number.
> Your sample capture file will tell us.
> If you limit the file to a reasonable size (10 successive RTP packets from
> the stream will be sufficient to see where the problem is), there's no
> problem for posting it as an attachment on this list.
>
> Lars
>
> ________________________________
>
> From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Barry Constantine
> Sent: samedi 9 avril 2011 16:24
> To: wireshark-users@xxxxxxxxxxxxx
> Subject: [Wireshark-users] VoIP RTP Analysis, Lost Packet Analysis
>
> Hi,
>
> I am analyzing VoIP capture files in Wireshark 1.4 and am confused about
> the RTP analysis results.
>
> The jitter results match what I expect, but the packet loss results do not.
>
> I know for a fact that the file contains no packet loss and yet the RTP
> analysis screen reports all packets as lost "negatively" (and gives an odd
> -100% value).
>
> Any ideas?
>
> Thanks,
> Barry

------------------------------

Message: 7
Date: Tue, 12 Apr 2011 11:31:25 +0200
From: "RUOFF, LARS (LARS)** CTR **" <lars.ruoff@xxxxxxxxxxxxxxxxxx>
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] VoIP RTP Analysis, Lost Packet Analysis
Message-ID: <23C6087F32FB3A43941E25922F87538E21E55BAE79@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="us-ascii"

It can be a capture method artefact, like badly configured mirroring.
But thinking about it, pairwise duplicate packet should give a total of -50% packet loss.
-100% seems to indicate that *all* packets are seen as duplicate of the first one, otherwise said that sequence number is not increasing at all.

regards,
Lars

________________________________
From: Martin Visser [mailto:martinvisser99@xxxxxxxxx]
Sent: mardi 12 avril 2011 11:16
To: Community support list for Wireshark
Cc: RUOFF, LARS (LARS)** CTR **
Subject: Re: [Wireshark-users] VoIP RTP Analysis, Lost Packet Analysis

I can't imagine any normal network where you would get duplicate RTP packets (they are UDP datagrams, so who is going to resend them?)

Regards, Martin

MartinVisser99@xxxxxxxxx

On 11 April 2011 17:30, RUOFF, LARS (LARS)** CTR ** <lars.ruoff@xxxxxxxxxxxxxxxxxx> wrote:

What you describe can happen if you have all packets as duplicates or if they all have the same RTP sequence number.
Your sample capture file will tell us.
If you limit the file to a reasonable size (10 successive RTP packets from the stream will be sufficient to see where the problem is), there's no problem for posting it as an attachment on this list.

Lars

________________________________
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Barry Constantine
Sent: samedi 9 avril 2011 16:24
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] VoIP RTP Analysis, Lost Packet Analysis

Hi,

I am analyzing VoIP capture files in Wireshark 1.4 and am confused about the RTP analysis results.

The jitter results match what I expect, but the packet loss results do not.

I know for a fact that the file contains no packet loss and yet the RTP analysis screen reports all packets as lost "negatively" (and gives an odd -100% value).

Any ideas?
Thanks,
Barry

------------------------------

Message: 8
Date: Tue, 12 Apr 2011 12:05:59 +0200
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Error: invalid command name "errOut"
Message-ID: <04DD72EE-1D60-48F2-B42F-731596D43769@xxxxxxxxx>
Content-Type: text/plain; charset="us-ascii"

Hi,

First of all this isn't a 'Wireshark product' you're referring to, but a derivative. You may ask the TCLSim people.

From what I see the problem could be that you don't run the program with enough privileges to open the interfaces to capture on. Try running as root. Even better, have the TCLSim people go with a newer Wireshark release and use privilege separation, which is a safer solution.

Thanks,
Jaap

Send from my iPhone

On 12 apr. 2011, at 07:25, Vinay Kumar <vinaykumar.l@xxxxxxxxxxxxxxxxxx> wrote:

> Hi All,
>
> I am getting following Wireshark error during TCLSim Setup for Analyzer:
>
> invalid command name "errOut"
> invalid command name "errOut"
> while executing
> "errOut "Error in $ANALYZER_BIN_DIR/tshark.exe -D command. This may occur because Wireshark has never executed and had the Preference information saved..."
> invoked from within
> "if [catch {exec $ANALYZER_BIN_DIR/tshark.exe -D} ALL_INTERFACE] {
> errOut "Error in $ANALYZER_BIN_DIR/tshark.exe -D command. This may occur ..."
> ("wireshark" arm line 16)
> invoked from within
> "switch $module {
> ethereal {
> # Source global variables
> global ANALYZER_BIN_DIR
> if {$ANALYZER_BIN_DIR == ""} {
> tk_messageBox -par..."
> (procedure "SelectAnalyzerInterface" line 3)
> invoked from within
> "SelectAnalyzerInterface $ANALYZER_PARSER"
> invoked from within
> ".setup.notebook.fSEC.frame1.analyzerFrame.captButton invoke"
> ("uplevel" body line 1)
> invoked from within
> "uplevel #0 [list $w invoke]"
> (procedure "tk::ButtonUp" line 24)
> invoked from within
> "tk::ButtonUp .setup.notebook.fSEC.frame1.analyzerFrame.captButton"
> (command bound to event)
>
> The version of Wireshark Used is 0.99.7. Please let me know the reason for getting this error and changes in Wireshark settings required.
>
> Thanks & Best Regards,
> Vinay

------------------------------

End of Wireshark-users Digest, Vol 59, Issue 10
***********************************************
Attachment:
VoIP_Communicator_Snippet.pcap
Description: VoIP_Communicator_Snippet.pcap
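
The duplicate-packet reasoning in the thread above, worked through as an added example (not code from any of the messages or from Wireshark): it parses the fixed RTP header from constructed UDP payloads and computes expected, received, lost and duplicate counts per SSRC. The function names, the sample packets and both percentage denominators are assumptions; the thread does not say which denominator the RTP analysis screen uses, so both are reported.

```python
import struct
from collections import defaultdict


def parse_rtp_header(payload):
    """Parse the 12-byte fixed RTP header (RFC 3550); None if not RTP version 2."""
    if len(payload) < 12:
        return None
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", payload[:12])
    if b0 >> 6 != 2:
        return None
    return {"pt": b1 & 0x7F, "seq": seq, "ts": ts, "ssrc": ssrc}


def extend_seq(seqs):
    """Unwrap 16-bit sequence numbers so 65535 -> 0 counts as one step forward."""
    ext, highest = [], None
    for s in seqs:
        if highest is None:
            cur = s
        else:
            delta = (s - highest) & 0xFFFF  # forward distance modulo 2**16
            # Short forward distance: newer packet. Otherwise: older or duplicate.
            cur = highest + delta if delta < 0x8000 else highest - (0x10000 - delta)
        ext.append(cur)
        highest = cur if highest is None else max(highest, cur)
    return ext


def loss_stats(seqs):
    """Loss figures for one stream from its sequence numbers in capture order."""
    if not seqs:
        raise ValueError("no packets in stream")
    ext = extend_seq(seqs)
    received = len(ext)
    expected = max(ext) - min(ext) + 1  # span of the sequence range
    lost = expected - received          # negative when packets are duplicated
    return {
        "expected": expected,
        "received": received,
        "lost": lost,
        "duplicates": received - len(set(ext)),
        # Assumption: the page does not state the denominator, so show both.
        "lost_pct_of_expected": 100.0 * lost / expected,
        "lost_pct_of_received": 100.0 * lost / received,
    }


def analyze(payloads):
    """Group UDP payloads by SSRC and compute loss_stats for each stream."""
    streams = defaultdict(list)
    for p in payloads:
        hdr = parse_rtp_header(p)
        if hdr is not None:
            streams[hdr["ssrc"]].append(hdr["seq"])
    return {ssrc: loss_stats(seqs) for ssrc, seqs in streams.items()}


SSRC = 0x1234ABCD  # constructed value, not taken from the attached capture


def make_packet(seq, ssrc=SSRC, pt=0):
    """Constructed sample: RTP v2 header followed by 160 bytes of dummy audio."""
    ts = (seq * 160) & 0xFFFFFFFF
    return struct.pack("!BBHII", 0x80, pt, seq & 0xFFFF, ts, ssrc) + b"\x00" * 160


# Constructed captures for the cases discussed in the thread.
CLEAN = [make_packet(s) for s in range(100, 110)]
MIRRORED_TWICE = [p for p in CLEAN for _ in range(2)]   # every packet seen twice
STUCK_SEQ = [make_packet(100) for _ in range(10)]       # sequence never increases
WRAPPED = [make_packet(s) for s in (65534, 65535, 0, 1)]

if __name__ == "__main__":
    for name, capture in [("clean", CLEAN), ("mirrored twice", MIRRORED_TWICE),
                          ("stuck sequence", STUCK_SEQ), ("wrapped", WRAPPED)]:
        for ssrc, st in analyze(capture).items():
            print(f"{name:15s} ssrc={ssrc:#010x} {st}")
```

A non-zero `duplicates` count together with a negative `lost` value points at the capture setup (for example a mirror port that copies both directions of a link) rather than at the call itself.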