Wireshark-dev: Re: [Wireshark-dev] A Multicast RTP Question
From: Jaap Keuter <[email protected]>
Date: Wed, 28 Nov 2007 08:18:38 +0100
Hi Jack,

I think you're confused about how multicast works.

Let's start with some definitions. You talk about endpoints. That is a good abstraction. Let's define interface as a network interface on the endpoint, something you plug the network cable into.
This interface has an IP address, like 192.168.10.12/24. This is called 
a unicast addess. It's a unique identifier of the interface in the 
network and can be addressed across routers.
Let's define a multicast group as an arbitrary group of interfaces. The 
group has a multicast address, like 239.100.110.8. Like in real life, 
you're not by default part of a group, you'll have to join. Same thing 
for interfaces. Your program has to join the interface to the multicast 
group. This adds an address to the interface, so that packets addressed 
to the multicast group are sent up the IP protocol stack in the endpoint.
So if you send a packet to this group of interfaces, like you did from 
endpoint A, you'll see a packet on the network with unicast source 
address and multicast destination address. Now the receiving endpoints, 
like your endpoint B, receives the packet on its interface, which 
accepts the packet since it knows the multicast address. This happens on 
all interfaces which joined the group. How these packets actually get 
there is a whole different story.
Getting back your question, the packet stream with unicast source 
address and multicast destination address is the actual packet flow from 
the interface of endpoint A to the interface of endpoint B.
Hope it helps,
Jaap

Jack Liou wrote:
Hi,

I am trying Wireshark with a small multicast app.

Endpoint A sends RTP packets to a a multicast address, and endpoint B listens on the multicast address (Wireshark was launched on endpoint B).
 From the captured file with capture filter "ip multicast", I can see 
the sending RTP stream (i.e. RTP:A--->multicast-addr), but not the 
receiving stream, i.e. RTP: multicast-addr--->B.
This is the default behavior or I need to change some configuration to 
see the receiving stream?
Cheers,

Jack