
Wireshark-bugs: [Wireshark-bugs] [Bug 12099] New: MP2T Dissector does parse RTP properly in 2.0.

Date: Mon, 08 Feb 2016 21:47:26 +0000
Bug ID 12099
Summary MP2T Dissector does parse RTP properly in 2.0.1
Product Wireshark
Version 2.0.1
Hardware x86
OS Mac OS X 10.10
Status UNCONFIRMED
Severity Major
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Created attachment 14311 [details]
MP2T Dissector shows erroneous information.

Build Information:
sdhanrale-mbpr:~ sdhanrale$ wireshark -v
Wireshark 2.0.1 (v2.0.1-0-g59ea380 from master-2.0)

Copyright 1998-2015 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.3.2, with libpcap, without POSIX capabilities, with
libz 1.2.5, with GLib 2.36.0, with SMI 0.4.8, without c-ares, without ADNS,
with
Lua 5.2, with GnuTLS 2.12.19, with Gcrypt 1.5.0, with MIT Kerberos, with GeoIP,
with QtMultimedia, without AirPcap.

Running on Mac OS X 10.10.5, build 14F1509 (Darwin 14.5.0), with locale C, with
libpcap version 1.5.3 - Apple version 47, with libz 1.2.5, with GnuTLS 2.12.19,
with Gcrypt 1.5.0.
Intel(R) Core(TM) i7-4870HQ CPU @ 2.50GHz (with SSE4.2)

Built using llvm-gcc 4.2.1 (Based on Apple Inc. build 5658) (LLVM build
2336.9.00).
--
Hello,

Please check the attached PCAP and decode as RTP. The higher-level protocol
dissector of MP2T is used by default. You will notice that frame numbers
16, 31, 46, 61, ... (basically every 15th frame is incorrectly dissected) have
source IP and dest IP incorrectly shown as 128 kb/s and 48 kHz respectively,
even though the IP header is identical to the previous 14 frames.

Screenshot : https://www.evernote.com/l/AVblnstwGAtDh5XGkKMgpsuNshiOl1Mmh-k 

As a result of this, the RTP Stream Analysis is thrown off. As you can see from
the red box highlighted in the screenshot, it is complaining about 327 lost frames
(i.e. Total Frames 4926 / 15 =~327).

Workaround: Disable the higher-level protocol. Click on Analyze --> Enabled
Protocols --> uncheck MP2T.

Thanks,
Sagar Dhanrale

