This is our old Q&A Site. Please post any new questions and answers at

Hello everyone, I'm trying to capture rtcdc traffic using this test page I use rtcdc filter in wireshark without results, instead of that, the traffic from that web is tagged as UDP traffic. How can I see it as rtcdc traffic?

asked 14 Aug '13, 00:06

Miguelo's gravatar image

accept rate: 0%


Are you sure it's UDP traffic? When I do nslookup, I get Applying a display filter of ip.addr eq, I only see TCP and SSL traffic when I Start -> [type some text] -> Send Data -> Stop Send Data. To me it looks like the traffic is encrypted, and if so, you won't be able to see the RTCDC traffic.

(14 Aug '13, 20:29) cmaynard ♦♦

RTCWeb runs over SCTP, not UDP, according to the Internet-Draft in question. If this is something such as RTCWeb-over-SCTP-over-DTLS-over-ICE-over-UDP, as per this Internet-Draft, in order to see it as RTCWeb traffic you'd have to modify the Wireshark code to handle all those encapsulations.

permanent link

answered 14 Aug '13, 20:18

Guy%20Harris's gravatar image

Guy Harris ♦♦
accept rate: 19%

the traffic from that web is tagged as UDP traffic.

according to their web page, the transport protocol is RTP. So, it sounds reasonable that you see UDP traffic.

Although in my test, that page created only a local connection to itself, according to Chromes Developer Tools and I did not see any UDP traffic!

So, there is no rtcdc protocol involved and I believe the name WebRTC is just coincidental the same.

You can try to decode the UDP traffic as RTP like this:

  • right click one of those UDP packets
  • select "Decode As.."
  • select "RTP"

However, the payload seems to be encrypted with AES. I found some hints in the Chrome developer tools, but did not invest any time to figure out what was going on. So, even if you decode that packets as RTP, you may not be able to read the payload if it is indeed encrypted.


permanent link

answered 15 Aug '13, 07:46

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
accept rate: 15%

Tanks for the answers.

Kurt you are right, all the UDP traffic I analysed related to WebRTC can be decoded as RTP traffic properly, and the payload is encrypted as you said.

Anyway, I'm still trying to capture any RTCDC traffic from any webpage, but I can't find anyone. Does anybody know any web for testing?


(16 Aug '13, 00:39) Miguelo
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 14 Aug '13, 00:06

question was seen: 3,298 times

last updated: 16 Aug '13, 02:05

p​o​w​e​r​e​d by O​S​Q​A