To learn even more, I would suggest reading about IGMP. Here's one useful site with links to RFC's: http://www.networksorcery.com/enp/protocol/igmp.htm.
- Chris
________________________________
From: wireshark-dev-bounces@xxxxxxxxxxxxx on behalf of Jaap Keuter
Sent: Wed 11/28/2007 2:18 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] A Multicast RTP Question
Hi Jack,
I think you're confused about how multicast works.
Let's start with some definitions. You talk about endpoints. That is a
good abstraction. Let's define interface as a network interface on the
endpoint, something you plug the network cable into.
This interface has an IP address, like 192.168.10.12/24. This is called
a unicast addess. It's a unique identifier of the interface in the
network and can be addressed across routers.
Let's define a multicast group as an arbitrary group of interfaces. The
group has a multicast address, like 239.100.110.8. Like in real life,
you're not by default part of a group, you'll have to join. Same thing
for interfaces. Your program has to join the interface to the multicast
group. This adds an address to the interface, so that packets addressed
to the multicast group are sent up the IP protocol stack in the endpoint.
So if you send a packet to this group of interfaces, like you did from
endpoint A, you'll see a packet on the network with unicast source
address and multicast destination address. Now the receiving endpoints,
like your endpoint B, receives the packet on its interface, which
accepts the packet since it knows the multicast address. This happens on
all interfaces which joined the group. How these packets actually get
there is a whole different story.
Getting back your question, the packet stream with unicast source
address and multicast destination address is the actual packet flow from
the interface of endpoint A to the interface of endpoint B.
Hope it helps,
Jaap
Jack Liou wrote:
> Hi,
>
> I am trying Wireshark with a small multicast app.
>
> Endpoint A sends RTP packets to a a multicast address, and endpoint B
> listens on the multicast address (Wireshark was launched on endpoint B).
>
> From the captured file with capture filter "ip multicast", I can see
> the sending RTP stream (i.e. RTP:A--->multicast-addr), but not the
> receiving stream, i.e. RTP: multicast-addr--->B.
>
> This is the default behavior or I need to change some configuration to
> see the receiving stream?
>
> Cheers,
>
> Jack
>
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
-----------------------------------------
This email may contain confidential and privileged material for the
sole use of the intended recipient(s). Any review, use, retention,
distribution or disclosure by others is strictly prohibited. If you
are not the intended recipient (or authorized to receive for the
recipient), please contact the sender by reply email and delete all
copies of this message. Also, email is susceptible to data
corruption, interception, tampering, unauthorized amendment and
viruses. We only send and receive emails on the basis that we are
not liable for any such corruption, interception, tampering,
amendment or viruses or any consequence thereof.
<<winmail.dat>>
