
Wireshark-users: Re: [Wireshark-users] Fwd: sequence number and packet id

From: "Fabiana moreno" <fvmoreno@xxxxxxxxx>
Date: Sat, 12 Apr 2008 21:22:56 +0100
Yes, I was indeed referring to the following sequence number (the one in bold red), and it is from the RTP protocol. I am confused, because it seems like a packet identifier; it starts with a random number and then goes on adding 1 for every packet.

      7 20:01:46.859129 192.168.123.100       192.168.123.101       RTP      Payload type=Unknown (96), SSRC=1545864152, Seq=60410, Time=650923138
      9 20:01:46.875248 192.168.123.100       192.168.123.101       RTP      Payload type=Unknown (96), SSRC=1545864152, Seq=60411, Time=650923138


My other email is that I have noticed something very weird while taking the captures with tcpdump instead of Wireshark. The packet IDs are always 0, which is not correct; I've been reading about it and apparently there is a bug in the kernel 2.6... but I don't really know why I am getting those captures with packet id=0 ....


On 12/04/2008, Guy Harris <guy@xxxxxxxxxxxx> wrote:
Fabiana moreno wrote:

> Thanks, but I did some research already about the subject...
> This is what I found...
>
> http://www.freesoft.org/CIE/RFC/1889/9.htm
>
> sequence number: 16 bits
>     The sequence number increments by one for each RTP data packet sent,
>     and may be used by the receiver to detect packet loss and to restore
>     packet sequence. The initial value of the sequence number is random
>     (unpredictable) to make known-plaintext attacks on encryption more
>     difficult, even if the source itself does not encrypt, because the
>     packets may flow through a translator that does. Techniques for
>     choosing unpredictable numbers are discussed in [7].
>
> So I might be wrong, but I don't think the sequence number represents how much
> data is being sent.


He was probably referring to the TCP sequence number.  You were
referring to the RTP sequence number.  Those are two different sequence
numbers; I suppose that one could infer from the reference to the Darwin
Streaming Server and from your earlier mails that you were referring to
RTP, but it's really best to indicate what protocol you're talking about.

Now:


>      > I am streaming with Darwin Streaming Server and capturing with
>      > Wireshark, I just wanted to know if what I am getting in my
>      > captures as sequence number is my packet id?


to what "packet id" are you referring?  (As per your previous mail with
"packet id 0 ???" as the subject, the RTP sequence number is not
required to be connected with the IP Identification field; they're
independent fields.)
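
An added example, not part of the original thread: it reads the IP Identification field and the RTP sequence number out of the same packet to show that they sit in different headers, and counts loss from the RTP sequence number with 16-bit wraparound. The packets are constructed sample data (UDP port 6970, zero checksums and the function names are assumptions), and the loss count assumes in-order arrival.

```python
import struct

def build_packet(ip_id, rtp_seq, rtp_ts, ssrc, payload=b"\x00" * 4):
    """Constructed IPv4/UDP/RTP packet (checksums left 0; sample data only)."""
    rtp = struct.pack("!BBHII", 0x80, 96, rtp_seq, rtp_ts, ssrc) + payload
    udp = struct.pack("!HHHH", 6970, 6970, 8 + len(rtp), 0) + rtp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), ip_id, 0x4000,
                     64, 17, 0, bytes([192, 168, 123, 100]),
                     bytes([192, 168, 123, 101]))
    return ip + udp

def parse_ids(pkt):
    """Return (IP Identification, RTP sequence number, RTP SSRC)."""
    if pkt[0] >> 4 != 4 or pkt[9] != 17:
        raise ValueError("not IPv4/UDP")
    ihl = (pkt[0] & 0x0F) * 4                    # IPv4 header length in bytes
    ip_id = struct.unpack_from("!H", pkt, 4)[0]  # IP header bytes 4-5
    rtp = pkt[ihl + 8:]                          # skip the 8-byte UDP header
    if len(rtp) < 12 or rtp[0] >> 6 != 2:
        raise ValueError("not RTP version 2")
    _, _, seq, _, ssrc = struct.unpack_from("!BBHII", rtp, 0)
    return ip_id, seq, ssrc

def lost_between(prev_seq, cur_seq):
    """Packets missing between two RTP sequence numbers, modulo 2**16."""
    return (cur_seq - prev_seq - 1) & 0xFFFF

def report(packets):
    """Per-SSRC loss count from the RTP seq; IP IDs are collected but unused."""
    last, lost, ip_ids = {}, {}, []
    for pkt in packets:
        ip_id, seq, ssrc = parse_ids(pkt)
        ip_ids.append(ip_id)
        if ssrc in last:
            lost[ssrc] = lost.get(ssrc, 0) + lost_between(last[ssrc], seq)
        last[ssrc] = seq
    return ip_ids, lost

SSRC = 1545864152  # value shown in the capture lines of the thread
# Constructed capture: IP ID is 0 in every packet, RTP seq wraps past 65535
# and sequence number 1 is missing.
SAMPLE = [build_packet(0, s, 650923138, SSRC) for s in (65534, 65535, 0, 2)]

if __name__ == "__main__":
    print(report(SAMPLE))
```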
