Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 3075] New: RTP analysis does not include all relevant fram

Date: Wed, 19 Nov 2008 17:50:04 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3075

           Summary: RTP analysis does not include all relevant frames
           Product: Wireshark
           Version: 1.0.4
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: djstunks@xxxxxxxxx


Created an attachment (id=2506)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2506)
RTP analysis of this file will show 2 nonexistent sequence errors

Build Information:
TShark 1.0.4 (SVN Rev 26501)

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.14.6, with WinPcap (version unknown), with libz 1.2.3,
without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8, with ADNS, with
Lua 5.1, with GnuTLS 2.3.8, with Gcrypt 1.4.1, with MIT Kerberos.

Running on Windows Vista, build 6000, with WinPcap version 4.0.2 (packet.dll
version 4.0.0.1040), based on libpcap version 0.9.5.

Built using Microsoft Visual C++ 6.0 build 8804

--
* See attached capture.  This capture is of RTP-encapsulated MPEG_TS.
* See Wireshark bug #3074: MPEG Transport Stream frames not always correctly
decoded

In Wireshark version 1.0.4, RTP analysis of a stream does not include all
valid, relevant frames.  

In the attached capture, wireshark version 1.0.4 does not include frame #215 or
#572 in the RTP analysis of the stream.  This results in 2 total sequence
errors for the complete capture, even though frame #215 and #572 contain valid
RTP headers stamped with the "missing" sequence numbers.

In this case, frame #215 and #572 are being mis-dissected (see bug #3074), but,
in any event, an RTP analysis should include all packets of that stream.

Note: this bug does not exist in version 1.0.2 despite the mis-dissected
packets.


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.