Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 1314] New: VoIP Call graph error - picks up a telnet frame

Date: Thu, 18 Jan 2007 16:48:34 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1314

           Summary: VoIP Call graph error - picks up a telnet frame as an
                    RTP frame
           Product: Wireshark
           Version: 0.99.4
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: mike.oliveras@xxxxxxxxx


Build Information:
Version 0.99.4 (SVN Rev 19757)

Copyright 1998-2006 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.6.9, with GLib 2.6.6, with WinPcap (version unknown), with
libz 1.2.3, with libpcre 6.4, with Net-SNMP 5.3.1, with ADNS, with Lua 5.1,
with
GnuTLS 1.5.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio <= V18, with
AirPcap.

Running on Windows XP Service Pack 1, build 2600, with WinPcap version 3.1
(packet.dll version 3, 1, 0, 27), based on libpcap version 0.9[.x], without
AirPcap.

Built using Microsoft Visual C++ 6.0 build 8804

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
The attached file mgcp_call.pcap.gz is a DOCSIS capture of an MGCP call. To
view it properly you will have to enable Edit
Preferences->Protocols->Frame->Treat all frames as DOCSIS Frames.

RTP is flowing between 10.101.1.36 <--> 10.101.1.38, however there are two
TELNET frames (7140 and 7189) that are picked up somehow by the "rtp" display
filter.  I first noticed this because when I did a "Statistics->VoIP
Calls->Graph" of the two call legs in the trace, it incorrectly displayed the
RTP between 10.1.1.48:23 and 168.84.245.9:4962, where this is in fact a telnet
packet.

As a result, the graph is incorrect.  I also tried build 0.99.5-SVN-20446 to
see if this problem was already resolved and had the exact same result.


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.