Ethereal-dev: Re: [Ethereal-dev] Ethereal addition for analysing RTP data

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Ronnie Sahlberg" <ronnie_sahlberg@xxxxxxxxxxxxxx>
Date: Fri, 7 Mar 2003 20:19:33 +1100
The tap system will call the tap listener for ALL
rtp packets and is agnostic about the transport.
Everywhere rtp is seen, the tap listener will be called.

tap_rtp needs to be changed so that the filter specified when attaching
excludes all icmp packets.

The correct way to fix this is to change tap_rpc so that it adds "&& !icmp"
to the filter string used when attaching.

I can fix this tomorrow.


----- Original Message -----
From: "Miha Jemec"
Sent: Friday, March 07, 2003 8:12 PM
Subject: Re: [Ethereal-dev] Ethereal addition for analysing RTP data


> Hi !
>
> I found a sample that causes me a problem using the tap system.
>
> It is the second packet in the attached file, which is actually an ICMP port
> unreachable message to the previous RTP packet. The ICMP was sent
> because the port was closed and it contains some bytes from the previous
> packet: IP header, UDP header, RTP header and 24 bytes from RTP data.
>
> The problem is that this packet seems to be handled as RTP even though it is a
> plain ICMP message. So I get the tap event for it and it even passes the
> RTP display filter.
>
> Since this is not an RTP packet but an ICMP packet with the information
> which packet caused this error (in our case previous RTP packet) I think
> that it shouldn't be passed to the tap listener for rtp packets and
> should be filtered out by RTP display filter.
>
> Miha.
>
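
The behaviour discussed in this thread, as an added example that is not part of the original messages or of Ethereal's code: a simplified C model of a dissector that also walks the packet quoted inside an ICMP error, showing why a bare `rtp` filter matches the ICMP port unreachable frame while `rtp && !icmp` does not. `RTP_PORT`, the function names and the sample packets are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { P_ICMP = 1, P_UDP = 2, P_RTP = 4 };   /* protocols seen in one frame */
#define RTP_PORT 5004   /* assumption: this example recognises RTP by UDP port */

/* Walk an IPv4 packet and return every protocol seen, including those in the
   packet that an ICMP destination-unreachable error quotes after its header. */
static unsigned dissect_ip(const uint8_t *b, size_t len)
{
    if (len < 20 || (b[0] >> 4) != 4) return 0;
    size_t ihl = (size_t)(b[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 8) return 0;     /* need 8 bytes of ICMP/UDP header */
    const uint8_t *p = b + ihl;
    size_t rem = len - ihl;
    if (b[9] == 1)                               /* ICMP; type 3 quotes the offending packet */
        return P_ICMP | (p[0] == 3 ? dissect_ip(p + 8, rem - 8) : 0);
    if (b[9] != 17) return 0;                    /* only UDP can carry RTP here */
    int rtp = (((unsigned)p[2] << 8) | p[3]) == RTP_PORT && rem >= 20 && (p[8] >> 6) == 2;
    return P_UDP | (rtp ? P_RTP : 0);
}
/* Filter "rtp": true for any frame in which RTP was seen. */
int match_rtp(const uint8_t *b, size_t n) { return (dissect_ip(b, n) & P_RTP) != 0; }
/* Filter "rtp && !icmp", the string proposed in the message above. */
int match_rtp_not_icmp(const uint8_t *b, size_t n) { return (dissect_ip(b, n) & (P_RTP | P_ICMP)) == P_RTP; }

/* Constructed sample: IPv4 + UDP + 12-byte RTP header + 24 data bytes (64 bytes),
   optionally quoted inside an ICMP port-unreachable error (type 3, code 3).
   Length and checksum fields stay zero; dissect_ip() does not read them. */
size_t build_sample(uint8_t *o, int quoted_in_icmp)
{
    size_t off = quoted_in_icmp ? 28 : 0;        /* outer IPv4 (20) + ICMP header (8) */
    memset(o, 0, off + 64);
    if (quoted_in_icmp) { o[0] = 0x45; o[9] = 1; o[20] = 3; o[21] = 3; }
    uint8_t *r = o + off;
    r[0] = 0x45; r[9] = 17; r[28] = 0x80;        /* IPv4 IHL 5, UDP, RTP version 2 */
    r[22] = RTP_PORT >> 8; r[23] = RTP_PORT & 0xff;   /* UDP destination port */
    return off + 64;
}

int main(void)
{
    uint8_t f[92];
    for (int icmp = 0; icmp <= 1; icmp++) {
        size_t n = build_sample(f, icmp);
        printf("in_icmp=%d rtp=%d rtp&&!icmp=%d\n", icmp, match_rtp(f, n), match_rtp_not_icmp(f, n));
    }
    return 0;
}
```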