Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] RTP captured packets

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Wed, 17 Feb 2010 15:15:03 +0100
Hi,

You're posting just fine, no worry.

Wireshark does its very best to show you what's *really* going on, so
tries to figure things out instead of depending on captured information.
This is also true for counting RTP packets (who can tell if the RTCP
information is correct?)
So the presented RTP packet count is what Wireshark really sees. If this
matches the contents of the RTCP packets then even the gateways agrees with
you. 
So you probably have to take one step back: is the signaling *really*
correct???

Maybe you can post a small snippet of the capture with relevant data?

Thanks,
Jaap

On Wed, 17 Feb 2010 13:07:41 +0200, kyriakos lioulios
<klioulios@xxxxxxxxx> wrote:
> Hello again,   Just to make it more clear attached you will find a basic
> schematic that shows the RTP connection in both sides.   Also i have
> tried to decode the RTP packets sent from ethernet card1 and ethernet
> card2. It seems that in the side with the increased number of RTP
packets
> sent meaning ethernet card1-->port1  of switch there is speech ( ican
> hear my voice)    but in the other direction ethernet card2--> port 3
> of switch there is only noise heard.   Thanks in advance for any help.
> 
>  On Wed, Feb 17, 2010 at 11:32 AM, kyriakos lioulios  wrote:
>   Hello,   I have an inquiry. Hope i am using the correct way to
> communicate as  i was a bit confused with the lists.   Anyway, I
> am using a wireshark PC that is capturing traffic between two gateways.
>   Even though the signalling seems to be ok between the gateways when it
> comes to speech patch it just does not have any.  Checked the number of
> RTP packets sent from both sides and it seems that one gateway sends
> much less RTP packets than the other.   I checked this through tab
> Telephony-->RTP-->show all streams.   I also checked the RTCP packets
> exchanged between the two gateways. The number of sent packets written
> inside match the number displayed at wireshark.(meaning that confirm the
> big difference)   So i would like to know how the number of packets
> that are displayed in wireshark through path Telephony-->RTP-->show all
> streams for each stream  are calculated.   Is it through the context of
> the RTCP messages exchanged between the gateways?or wireshark just
> calculates the RTP packets that are captured at its interface from each
> gateway?   The scope of this question is to determine whether there is
> anything wrong with the gateway itself and does not send RTP packets or
> the RTP packets leave the gateway and are somehow lost in the switch for
> example.   My thoughts are that RTCP messages carry info/statistics
>  that are sent from each gateway where the number of packets that are
> displayed through the statistics of wireshark are counted from the tool
> and not through the RTCP messages. Please inform me if i am correct
> though.   I would appreciate it alot and i really hope i have not
> confused you.   Thank you   BR  
> 
> 
> Links:
> ------
> [1] mailto:klioulios@xxxxxxxxx