I'm using Version 1.12.4 of Wireshark (Win64) and am attempting to analyse RTP packets that are carrying an MPEG-2 transport stream. What I'm finding is that any RTP packet that contains a "null" MPEG-2 transport stream packet (PID 0x1ff) is flagged as a NULL packet in the main Wireshark display. The upshot of this appears to be that the RTP stream analyser ignores these NULL RTP packets which inevitably results in a "Wrong sequence number" entry in the analysis output as the packet sequence number is deemed to be non-contiguous. This seems wrong to me. Null MPEG-2 transport stream packets are perfectly legal and to be expected in order to hit a particular fixed bit rate. The presence of them in the stream shouldn't result in an error being flagged in the analysis tool. Or am I not understanding something correctly and Wireshark really is trying to tell me something useful? Thanks in advance for any information offered. asked 10 Apr '15, 04:22 IanB edited 10 Apr '15, 04:24 |
One Answer:
Wireshark RTP analysis has no notion of profiles for the various transports. It basically only understands the transport of continues voice (G.711) and a bit of Comfort Noise and DTMF signalling. Since other profiles make use of similar methods they come out fairly well in these analysis, but certain details may cause problems, like you've seen. Unfortunately it is a significant job to make a fault tolerant MitM RTP endpoint which can handle all profiles, which is what would have to be done in Wireshark, and so far this has not happened. answered 10 Apr '15, 08:07 Jaap ♦ |