This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

RTCDC filter

0

Hello everyone, I'm trying to capture rtcdc traffic using this test page: http://webrtc.googlecode.com/svn/trunk/samples/js/demos/html/dc1.html I use the rtcdc filter in Wireshark without results; instead, the traffic from that web page is tagged as UDP traffic. How can I see it as rtcdc traffic?

asked 14 Aug '13, 00:06

Miguelo

1

Are you sure it's UDP traffic? When I do nslookup webrtc.googlecode.com, I get 74.125.140.82. Applying a display filter of ip.addr eq 74.125.140.0/24, I only see TCP and SSL traffic when I Start -> [type some text] -> Send Data -> Stop Send Data. To me it looks like the traffic is encrypted, and if so, you won't be able to see the RTCDC traffic.

(14 Aug '13, 20:29) cmaynard ♦♦

2 Answers:

2

RTCWeb runs over SCTP, not UDP, according to the Internet-Draft in question. If this is something such as RTCWeb-over-SCTP-over-DTLS-over-ICE-over-UDP, as per this Internet-Draft, in order to see it as RTCWeb traffic you'd have to modify the Wireshark code to handle all those encapsulations.

answered 14 Aug '13, 20:18

Guy Harris ♦♦

2

the traffic from that web is tagged as UDP traffic.

According to their web page, the transport protocol is RTP. So, it sounds reasonable that you see UDP traffic.

http://www.webrtc.org/reference/architecture#TOC-Transport-Session

Although in my test, that page created only a local connection to itself, according to Chrome's Developer Tools, and I did not see any UDP traffic!

So, there is no rtcdc protocol involved, and I believe the name WebRTC is just coincidentally the same.

You can try to decode the UDP traffic as RTP like this:

  • right click one of those UDP packets
  • select "Decode As..."
  • select "RTP"

However, the payload seems to be encrypted with AES. I found some hints in the Chrome developer tools, but did not invest any time to figure out what was going on. So, even if you decode those packets as RTP, you may not be able to read the payload if it is indeed encrypted.

Regards
Kurt

answered 15 Aug '13, 07:46

Kurt Knochner ♦

Thanks for the answers.

Kurt, you are right, all the UDP traffic I analysed related to WebRTC can be decoded as RTP traffic properly, and the payload is encrypted as you said.

Anyway, I'm still trying to capture any RTCDC traffic from any webpage, but I can't find any. Does anybody know any website for testing?

Thanks

(16 Aug '13, 00:39) Miguelo
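
An added example, not part of the original thread or of Wireshark: the encapsulation named in the first answer (data channel over SCTP over DTLS over ICE over UDP) and the RTP media from the second answer share UDP ports, and the first payload byte tells them apart using the ranges in RFC 7983. The function names and all sample payloads are constructed for illustration.

```python
import struct

STUN_MAGIC_COOKIE = 0x2112A442
DTLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
DTLS_VERSIONS = {0xFEFF: "DTLS 1.0", 0xFEFD: "DTLS 1.2"}


def classify_udp_payload(payload: bytes) -> str:
    """Label one UDP payload using the RFC 7983 first-byte ranges."""
    if not payload:
        return "empty"
    first = payload[0]
    if first <= 3:
        # STUN (ICE connectivity checks): 20-byte header, magic cookie at offset 4.
        if len(payload) >= 20 and struct.unpack_from("!I", payload, 4)[0] == STUN_MAGIC_COOKIE:
            return "STUN"
        return "STUN range, invalid header"
    if 20 <= first <= 63:
        # DTLS record header: type(1) version(2) epoch(2) sequence(6) length(2).
        if len(payload) < 13:
            return "DTLS range, truncated"
        ctype, version, epoch = struct.unpack_from("!BHH", payload, 0)
        name = DTLS_TYPES.get(ctype, f"type {ctype}")
        ver = DTLS_VERSIONS.get(version, f"version 0x{version:04x}")
        return f"DTLS {name} ({ver}, epoch {epoch})"
    if 128 <= first <= 191:
        # RTP/RTCP version 2 (top two bits 10); SRTP leaves this header unencrypted.
        return "RTP/RTCP"
    return "unknown"


def build_samples() -> dict:
    """Constructed payloads for illustration; none come from a real capture."""
    dtls_hdr = lambda ctype, epoch, body: (
        struct.pack("!BHH", ctype, 0xFEFD, epoch) + bytes(6) + struct.pack("!H", len(body)) + body)
    return {
        "ice_check": struct.pack("!HHI", 0x0001, 0, STUN_MAGIC_COOKIE) + bytes(12),
        "dtls_handshake": dtls_hdr(22, 0, bytes(4)),
        "data_channel": dtls_hdr(23, 1, bytes(8)),  # SCTP would sit inside this ciphertext
        "media": struct.pack("!BBHII", 0x80, 96, 1, 160, 0x1234) + bytes(16),
        "short_dtls": bytes([23, 0xFE, 0xFD]),
    }


def label_samples() -> dict:
    return {name: classify_udp_payload(p) for name, p in build_samples().items()}


if __name__ == "__main__":
    for name, label in label_samples().items():
        print(f"{name:15} {label}")
```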