Wireshark · Ethereal-dev: Re: [Ethereal-dev] Ethereal addition for analysing RTP data

Ethereal-dev: Re: [Ethereal-dev] Ethereal addition for analysing RTP data

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Miha Jemec <m.jemec@xxxxxxxxxxx>

Date: Fri, 07 Mar 2003 10:12:05 +0100

Hi !

I found a sample that causes me problem using the tap system.

It is the second packet in attached file, which is actually an ICMP portunreacheable message to the previous RTP packet. The ICMP was sentbecause the port was closed and it contains some bytes from the previospacket: IP header, UDP header, RTP header and 24 bytes from RTP data.

The problem is, that this packet seems to be handled as RTP even it is aplain ICMP message. So I get the tap event for it and it even passes theRTP display filter.

Since this is not a RTP packet but an ICMP packet with the informationwhich packet caused this error (in our case previous RTP packet) I thinkthat it shouldn't be passed to the tap listener for rtp packets andshould be filtered out by RTP display filter.


Miha.

Attachment: icmp_rtp.raw
Description: Binary data

Follow-Ups:
- Re: [Ethereal-dev] Ethereal addition for analysing RTP data
  - From: Ronnie Sahlberg
- Re: [Ethereal-dev] Ethereal addition for analysing RTP data
  - From: Tomas Kukosa

References:
- Re: [Ethereal-dev] Ethereal addition for analysing RTP data
  - From: Guy Harris

Prev by Date: Re: [Ethereal-dev] New packet module, Nominum CC
Next by Date: Re: [Ethereal-dev] Ethereal addition for analysing RTP data
Previous by thread: Re: [Ethereal-dev] Ethereal addition for analysing RTP data
Next by thread: Re: [Ethereal-dev] Ethereal addition for analysing RTP data
Index(es):
- Date
- Thread