Wireshark-users: Re: [Wireshark-users] Fwd: sequence number and packet id
From: "Fabiana moreno" <fvmoreno@xxxxxxxxx>
Date: Sat, 12 Apr 2008 23:56:36 +0100
AHHHHHHHHHHHHHHHH!!!!!!!! Thanks!!! and if i want to calculate the end-to-end delay or latency of the packets, where end to end or latency mean; the time that takes the packet to travel from the server to the client, can i use something similar?...but then ...i will have to deal with packet loss..if the packet is loss then it wouldnd be counted.. Thank you very much your help!! i really appreciate it
On 12/04/2008, Guy Harris <guy@xxxxxxxxxxxx> wrote:
Fabiana moreno wrote:
> Thanks again...so this actually answers what i meant in my
> question....the sequence number is unique within the capture...so it´s
> like my identifier...

The sequence number is 16 bits, so it can only be unique within the RTP
session if fewer than 65536 packets are sent.  You should look for
"gaps" in the sequence number, such as going from sequence number 60410
to sequence number 60412 or later.

Presumably the sequence number will "wrap around", so it will go from
65535 to 0.  Any "lost packet" analysis you do must take that into
account.  The best way to do that would probably be to, for each RTP
packet other than the first packet, subtract from it the sequence number
of the previous packet, and take the result modulo 65536; if the result
is something other than 1, you have missing packets.

If, for example, you see a packet with a sequence number of 65535 and
then a packet with a sequence number of 2, the difference will be 2 -
65535, or -65533.  -65533, modulo 65536, would be 65536-65533, or 3.

In C, with GLib, the way to do that would be

        guint16 previous_packet_seq, current_packet_seq, seq_diff;

        seq_diff = current_packet_seq - previous_packet_seq;

where "previous_packet_seq" is the sequence number of the previous
packet and "current_packet_seq" is the sequence number of the current
packet; in that case, "seq_diff" will be set to the difference between
the sequence numbers of the packet, modulo 65536.

Wireshark-users mailing list