When analyzing MCGP call flow, Wireshark is able to determine RTP (call packets) flow after a the session has been set up. Viewing the packets (MGCP and RTP) I cannot see how Wireshark is able to do this as there are no session info contained from the MGCP setup to the RTP packets. I would like someone who knows the code to please direct me to the area where this is resolved, so I can figure out how it works. Thanks in advance for saving me hours of time looking through an unfamiliar codebase. asked 08 Feb '11, 07:59  drewcrewof2 edited 08 Feb '11, 08:00 |
One Answer:
Hi, In the MGCP setup info ther is presumably SDP giving the IP port and codec information for the RTP flow. Tse SDP information (pan/dissectors/packet-sdp.c) is used to set up a "conversation" (epan/conversation.c, doc/README.developer) for the upcomming RTP session and info is conveied to the RTP dissector (packet-rtp.c). answered 08 Feb '11, 14:11  Anders ♦ |
Thanks, highly instructional, I got it!