Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: [Wireshark-users] Correct method to filter an RTP stream

From: "Keith French" <keithfrench@xxxxxxxxxxxxx>
Date: Wed, 23 Dec 2009 10:15:56 -0000
I am running Wireshark V 1.2.5 on Windows 7 and I have a question on what is the correct method to find all packets in an RTP stream from a trace that has multiple H.323 calls in it.
 
I use "VoIP Calls" and highlight the call I am interested in and click "Prepare Filter". This will give one or maybe a few RTP packets.
 
Originally I thought that the correct method was to use the RTP setup frame :-
 
rtp.setup-frame == 4
 
However, I was advised by someone that I should use the RTP SSID:-
 
rtp.ssrc == 0xb1854be7
 
I have a trace where if I filter on the SSID I get 95% RTP packet loss, but if I filter on it via the RTP setup frame, I get 0% RTP packet loss.
 
Which method should I be using?
 
Keith French