This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Could a configuration flag be added that will tell the RTP analyzer to ignore when a source MAC address for an RTP stream changes (or to ignore Layer 2 altogether)? I have an HSRP pair with asymmetric routing behind them. Sometimes the routing will change mid RTP stream which causes the flow to egress a different HSRP router, thus a different source MAC. The RTP analysis is picking up on this, flags the packets as "Suspected Duplicate (MAC Address)", marks them as lost, and it screws up the stats.

My collector is running 1.4 and the RTP analysis looks fine. Opening the PCAP in the most recent version, 1.12.5, has this problem. I'm not sure which exact version between 1.4 and 1.12 this was introduced in.

asked 14 May '15, 14:30

KranZ's gravatar image

KranZ
6112
accept rate: 0%


The heuristics were tightened in time to better handle conflicting situations. Unfortunately your setup 'causes' such conflict to be detected. The best way to request this in a well documented Enhancement request (with sample capture file) in bugs.wireshark.org.

permanent link

answered 15 May '15, 02:42

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×40
×4

question asked: 14 May '15, 14:30

question was seen: 1,737 times

last updated: 15 May '15, 02:42

p​o​w​e​r​e​d by O​S​Q​A