Wireshark-users: Re: [Wireshark-users] Multiple DTMF 2833


From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Tue, 02 Jun 2009 22:43:57 +0200

Hi,

If you look at RFC 2833 you'll see it's a funny protocol.
First of all it pins the RTP timestamp. Then it starts to add up time intervals in its payload, for the time the event takes (unknown up front), regularly sending out RTPevent packets to keep the receiver going. Then at the end of the RTP event a repeated 'end of event' packet is usual. After that normal RTP flow, with correctly advanced timestamp, resumes. It might even flow in parallel.

As you see a single DTMF key press doesn't correspond to a single RTPevent packet.

Thanx,
Jaap

Ujjval Karihaloo wrote:
I see multiple DTMFs in Wireshark (although it was pressed only once), tracing using tcpdump on my asterisk server. Actual packets also are multiple (19 – 20 I believe) with same DTMF tone = 1.

DTMF seems to work OK, but it is difficult to troubleshoot when actual DTMF related problems occur.
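
The grouping described in the reply above can be done offline when troubleshooting a capture. This is an added example, not part of the original thread or of Wireshark: it parses RFC 2833 telephone-event payloads and collapses all packets sharing one SSRC and pinned RTP timestamp into a single key press. The function names, the 8000 Hz clock, payload type 101 and the sample packets are assumptions constructed for illustration.

```python
import struct

DTMF = "0123456789*#ABCD"   # RFC 2833 event codes 0-15
CLOCK_HZ = 8000             # assumed telephone-event clock rate

def parse_rtpevent(pkt):
    """Parse one RTP packet whose payload is an RFC 2833 telephone-event."""
    b0, _mpt, seq, ts, ssrc = struct.unpack("!BBHII", pkt[:12])
    off = 12 + 4 * (b0 & 0x0F)                  # skip CSRC entries
    if b0 & 0x10:                               # skip header extension if present
        off += 4 + 4 * struct.unpack("!H", pkt[off + 2:off + 4])[0]
    event, e_vol, duration = struct.unpack("!BBH", pkt[off:off + 4])
    return {"seq": seq, "ts": ts, "ssrc": ssrc, "event": event,
            "end": bool(e_vol & 0x80), "duration": duration}

def collapse_events(packets):
    """Group RTPevent packets into key presses: one per (SSRC, pinned timestamp)."""
    presses = {}
    for p in map(parse_rtpevent, packets):
        digit = DTMF[p["event"]] if p["event"] < 16 else str(p["event"])
        press = presses.setdefault((p["ssrc"], p["ts"]), {
            "digit": digit, "packets": 0, "end_packets": 0, "duration": 0})
        press["packets"] += 1
        press["end_packets"] += p["end"]        # repeated 'end of event' packets
        press["duration"] = max(press["duration"], p["duration"])
    for press in presses.values():
        press["ms"] = press["duration"] * 1000 // CLOCK_HZ
    return list(presses.values())

def _sample(seq, ts, event, duration, end=False):
    # Constructed packet: V=2, payload type 101 (assumed), SSRC 0x1234, volume 10
    return struct.pack("!BBHIIBBH", 0x80, 101, seq, ts, 0x1234,
                       event, (0x80 if end else 0) | 10, duration)

# Constructed capture: key "1" held 360 ms (20 packets), then key "5" for 120 ms
SAMPLE = ([_sample(i, 16000, 1, 160 * (i + 1)) for i in range(17)] +
          [_sample(17 + i, 16000, 1, 2880, end=True) for i in range(3)] +
          [_sample(20 + i, 24000, 5, 160 * (i + 1)) for i in range(5)] +
          [_sample(25 + i, 24000, 5, 960, end=True) for i in range(3)])

if __name__ == "__main__":
    for press in collapse_events(SAMPLE):
        print(press)
```

A press that shows zero end packets, or two presses of the same digit with the same timestamp from different SSRCs, is the kind of anomaly worth checking when DTMF misbehaves.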


