Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] How to modify existing RTP conversation?

From: Jirka Novak <j.novak@xxxxxxxxxxxx>
Date: Mon, 2 Jan 2017 16:51:55 +0100
Hi,

> I would like to know where this is done:
> 
>  I analysed the code and found that for #1 is created "full"
> conversation (full = SRC_IP:SRC_PORT <-> DST_IP:DST_PORT) with UDP as
> protocol.
> 
> because that sounds questionable. 

packet_udp.c: dissect() calls find_or_create_conversation(pinfo) for
every packet. When packet is new (#1 in my example), it creates new full
conversation just for UDP layer.
Conversation is created as full/bidirectional, I checked it with enabled
DEBUG_CONVERSATION.

						Sincerely yours,

							Jirka Novak