This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Understanding the RTP Stream Analysis

0

Hi

I would like to understand the the output of the RTP Streams Analysis

I get here by going to: Telephony > RTP > Show All Streams.

In the output, under the 'Lost Column' I have -1722(-100.0%).

Also seen when you click the Analyze Button, the bottom reads: Total RTP packets = 1722 (expected 1722) Lost RTP packets = -1722 (-100.00%) Sequence errors = 1722

I dont understand Lost -1722 (the negative value). I dont understand -100% (the negative value). I dont understand the expectation of 1722, the loss of -1722, the sequence errors of 1722. Yet there was no problem with this test call/RTP stream.

Your explanation/advise will be greatly appreciated.

This question is marked "community wiki".

asked 06 Dec '13, 06:36

ahmedn's gravatar image

ahmedn
1112
accept rate: 0%

edited 06 Dec '13, 06:38

what is your:

  • OS and OS version
  • Wireshark version

Is it possible to post the capture file somewhere (google drive, dropbox, cloudshark.org or mega.co.nz)?

(06 Dec '13, 08:04) Kurt Knochner ♦

One Answer:

1

What you see if the effect of duplicate packets in your capture. The fact that you have -100% lost means you have 100% packets too many. Then there's the fact that you have 1722 (=100%) sequence errors, because every duplicate (which has the same sequence number) adds to the seq# error count. This is prone to happen when you monitor a VLAN on a switch, which captures both ingress and egress. Either capture only one direction, or sanitize your capture file.

answered 10 Dec '13, 02:28

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%