Hello everyone, I'm trying to capture rtcdc traffic using this test page: http://webrtc.googlecode.com/svn/trunk/samples/js/demos/html/dc1.html I use the rtcdc filter in Wireshark without results; instead, the traffic from that web page is tagged as UDP traffic. How can I see it as rtcdc traffic?
asked 14 Aug '13, 00:06 Miguelo
2 Answers:
RTCWeb runs over SCTP, not UDP, according to the Internet-Draft in question. If this is something such as RTCWeb-over-SCTP-over-DTLS-over-ICE-over-UDP, as per this Internet-Draft, in order to see it as RTCWeb traffic you'd have to modify the Wireshark code to handle all those encapsulations.
answered 14 Aug '13, 20:18 Guy Harris ♦♦
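Why a capture of such a stack shows up as plain UDP, as an added example that is not part of the original answer or of Wireshark's code: when STUN (ICE), DTLS and RTP share one UDP port, they are told apart only by the first payload byte (RFC 5764, section 5.1.2), and data-channel SCTP is carried inside the DTLS records. The function name `classify` and all sample packets are constructed for illustration.

```python
import struct

STUN_MAGIC_COOKIE = 0x2112A442  # fixed field in every RFC 5389 STUN header
DTLS_TYPES = {20: "change_cipher_spec", 21: "alert",
              22: "handshake", 23: "application_data"}

def classify(payload: bytes) -> dict:
    """Classify one UDP payload by the first-byte ranges of RFC 5764 sec. 5.1.2."""
    if not payload:
        return {"proto": "unknown"}
    first = payload[0]
    if first <= 3 and len(payload) >= 20:
        # STUN: type(2) length(2) magic cookie(4) transaction id(12)
        msg_type, length, cookie = struct.unpack("!HHI", payload[:8])
        if cookie == STUN_MAGIC_COOKIE:
            return {"proto": "STUN", "type": msg_type, "length": length}
    elif 20 <= first <= 63 and len(payload) >= 13:
        # DTLS record: type(1) version(2) epoch(2) sequence(6) length(2)
        ctype, version, epoch = struct.unpack("!BHH", payload[:5])
        (length,) = struct.unpack("!H", payload[11:13])
        return {"proto": "DTLS", "content_type": DTLS_TYPES.get(ctype, ctype),
                "version": hex(version), "length": length,
                # epoch > 0 means the record body is encrypted; any SCTP
                # data-channel traffic is inside it and not visible here.
                "encrypted": epoch > 0}
    elif 128 <= first <= 191 and len(payload) >= 12:
        # RTP/RTCP version 2; RTCP packet types occupy 192-223 (RFC 5761)
        second = payload[1]
        if 192 <= second <= 223:
            return {"proto": "RTCP", "packet_type": second}
        (ssrc,) = struct.unpack("!I", payload[8:12])
        return {"proto": "RTP", "payload_type": second & 0x7F, "ssrc": ssrc}
    return {"proto": "unknown"}

# Constructed sample payloads (not taken from a real capture).
SAMPLES = {
    "stun": bytes.fromhex("000100002112a442") + bytes(12),
    "dtls": bytes.fromhex("17fefd00010000000000050010") + bytes(16),
    "rtp":  bytes.fromhex("806f0001000003e811223344") + bytes(4),
    "rtcp": bytes.fromhex("80c8000611223344") + bytes(20),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, classify(data))
```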
According to their web page, the transport protocol is RTP. So, it sounds reasonable that you see UDP traffic.
Although in my test, that page created only a local connection to itself, according to Chrome's Developer Tools, and I did not see any UDP traffic! So, there is no rtcdc protocol involved and I believe the name WebRTC is just coincidentally the same. You can try to decode the UDP traffic as RTP like this:
However, the payload seems to be encrypted with AES. I found some hints in the Chrome developer tools, but did not invest any time to figure out what was going on. So, even if you decode those packets as RTP, you may not be able to read the payload if it is indeed encrypted. Regards
answered 15 Aug '13, 07:46 Kurt Knochner ♦
Thanks for the answers. Kurt, you are right, all the UDP traffic I analysed related to WebRTC can be decoded as RTP traffic properly, and the payload is encrypted as you said. Anyway, I'm still trying to capture any RTCDC traffic from any web page, but I can't find any. Does anybody know any web page for testing? Thanks
(16 Aug '13, 00:39) Miguelo
Are you sure it's UDP traffic? When I do nslookup webrtc.googlecode.com, I get 74.125.140.82. Applying a display filter of ip.addr eq 74.125.140.0/24, I only see TCP and SSL traffic when I Start -> [type some text] -> Send Data -> Stop Send Data. To me it looks like the traffic is encrypted, and if so, you won't be able to see the RTCDC traffic.