Wireshark-bugs: [Wireshark-bugs] [Bug 3003] New: My NIC replicates RTP packets to the network (s

Date: Mon, 27 Oct 2008 19:17:28 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3003

           Summary: My NIC replicates RTP packets to the network (same
                    packet, different source MAC)
           Product: Wireshark
           Version: 1.0.2
          Platform: PC
        OS/Version: Windows Vista
            Status: NEW
          Severity: Normal
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: chavezf@xxxxxxxxxxx


Created an attachment (id=2414)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2414)
Sample capture with my NIC replicating RTP packets

Build Information:
Version 1.0.2 (SVN Rev 25698)

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.8, with GLib 2.14.6, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with ADNS, with Lua 5.1, with GnuTLS 2.3.8, with Gcrypt 1.4.1, with MIT
Kerberos, with PortAudio V19-devel, with AirPcap.

Running on Windows Vista Service Pack 1, build 6001, with WinPcap version 4.0.2
(packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, without
AirPcap.

Built using Microsoft Visual C++ 6.0 build 8804

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
I found that my NIC replicates received RTP packets again to the network.
I mean: I do a capture in promiscuous mode, and the SIP phones transmit every
20ms or so, but as soon as my PC receives the RTP packet, it is bounced back to
the network (within a few ms), but with my PC source address instead of the
original source MAC.

RTP stream analysis shows this as wrong sequence numbers, when it is actually
"duplicated sequence numbers". In fact, the RTP packet count is duplicated (for
instance, 614 instead of 307).

Am I doing something wrong or is this a bug?

I see other dup packets, but don't know if this is related or not.

I am using Wireshark with the default options.


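One way to confirm the symptom described in the report from raw frames, as an added example that is not part of the original bug report or of Wireshark: it flags every RTP datagram that reappears byte-identical from a different source MAC shortly after it was first seen. The function names, the 10 ms window, the MAC addresses and the sample frames are all assumptions constructed for illustration.

```python
import struct

def parse_rtp(frame):
    """Return (src_mac, ssrc, seq, rtp_bytes) for an Ethernet/IPv4/UDP/RTP frame, else None."""
    if len(frame) < 14 + 20 + 8 + 12:
        return None
    if frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4 or frame[23] != 17:
        return None                                  # not IPv4 carrying UDP
    ihl = (frame[14] & 0x0F) * 4
    rtp = frame[14 + ihl + 8:]
    if len(rtp) < 12 or rtp[0] >> 6 != 2:            # heuristic: RTP version field must be 2
        return None
    seq, _ts, ssrc = struct.unpack("!HII", rtp[2:12])
    return frame[6:12].hex(":"), ssrc, seq, rtp

def find_replicated(packets, window=0.010):
    """packets: iterable of (timestamp_seconds, frame_bytes) in capture order.
    Returns (ssrc, seq, original_mac, repeat_mac, delay_seconds) for every RTP
    datagram seen again, byte-identical, from another source MAC within window."""
    first_seen, hits = {}, []
    for ts, frame in packets:
        parsed = parse_rtp(frame)
        if parsed is None:
            continue
        mac, ssrc, seq, rtp = parsed
        ts0, mac0 = first_seen.setdefault(rtp, (ts, mac))
        if mac != mac0 and ts - ts0 <= window:
            hits.append((ssrc, seq, mac0, mac, round(ts - ts0, 6)))
    return hits

def build_frame(src_mac, seq, ssrc=0x1234ABCD):
    """Constructed test frame: Ethernet + minimal IPv4 + UDP + RTP with 160 payload bytes."""
    rtp = struct.pack("!BBHII", 0x80, 0, seq, seq * 160, ssrc) + bytes(160)
    udp = struct.pack("!HHHH", 5004, 5004, 8 + len(rtp), 0) + rtp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])) + udp
    return bytes(6) + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00" + ip

# Constructed sample: the phone sends every 20 ms, the capturing PC repeats each packet 2 ms later.
PHONE, PC = "00:11:22:33:44:55", "66:77:88:99:aa:bb"
SAMPLE = []
for n in range(3):
    SAMPLE += [(n * 0.020, build_frame(PHONE, n)), (n * 0.020 + 0.002, build_frame(PC, n))]

if __name__ == "__main__":
    for hit in find_replicated(SAMPLE):
        print("ssrc=%#x seq=%d first from %s, repeated by %s after %.3f s" % hit)
```

On the sample, six RTP frames are parsed but only three distinct datagrams exist, the same doubling the report sees in the stream packet count.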