Hi, I can't understand the relation between packet and sequence, because when I go to analyse the RTP packets with the option RTP stream analysis, in the column paket starts the packet with the number 33 and the seq number with the number 38761, but if I continue analysing, in the packet 29146 has the number of sequence equal to 0. I attached a picture with two captures of the same analysis in order to be able to see what i want to say better.
Another doubt that I have is: How I can know, in wich moment of the communication had a lost packet? Because with these analysis I can see that I have 5 packets lost, but I don't know in wich moment this happened.
asked 06 Nov '12, 01:06
edited 06 Nov '12, 01:09
The RTP sequence number is a 16 bit value. So, you will get an wrap-around at 65535 for a long session. That caused problems with all sorts of VoIP clients in the past.
did you check the "Expert Info"?
I'm not sure if the RTP dissector adds messages if it detects packet loss (if it detects it at all).
If there is nothing in the Expert Info, you would have to analyze the RTP sequence number with an external script, by using tshark
Then analyze the output of tshark with a script to find lost packets (missing RTP sequence number).
answered 06 Nov '12, 01:22
Kurt Knochner ♦
edited 06 Nov '12, 01:26