Hello, I'm running Wireshark on Debian Wheezy on an x86_64 machine. I've found that when Wireshark is decoding UDP as RTP packets, it's decoding the timestamp in the RTP header incorrectly according to RFC3550 page 12:

4. Byte Order, Alignment, and Time Format

All integer fields are carried in network byte order, that is, most significant byte (octet) first. This byte order is commonly known as big-endian.

and page 76:

As you can see on the screenshot, Wireshark decodes the timestamp "as is", without translating it from big-endian to little-endian for the x86_64 arch. Which way is correct? I would like to check this fact in Wireshark's source code and maybe fix it, but I don't have enough free time to read the developer's manual. Could anybody please answer where to find the RTP-header parser source code in Wireshark's sources? How do I report this MAY BE bug?

asked 03 Jun '15, 10:13 yucacodec
One Answer:
Your picture shows that Wireshark is decoding the field in big endian (network order): 1c6b89db in hexadecimal is equal to 476809691 in decimal. So there is nothing to fix here (what you see in the byte panel is what is transmitted over the wire, and does not represent the memory of your little endian machine).

answered 03 Jun '15, 12:42 Pascal Quantin
yes, that's right. Thanks.
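The decoding the answer describes, as an added example that is not part of the original thread and is not Wireshark's dissector code: a minimal C parser for the 12-byte fixed RTP header that assembles each field from the wire bytes in network order, so the result is the same on any host. The sample packet is constructed (only the timestamp bytes 1c 6b 89 db come from the thread), and the names `rtp_hdr`, `rtp_parse`, `rd_be16`, `rd_be32` and `rd_le32` are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Fixed RTP header fields (RFC 3550, section 5.1). */
struct rtp_hdr {
    uint8_t  version, padding, extension, csrc_count, marker, payload_type;
    uint16_t seq;
    uint32_t timestamp, ssrc;
};

/* Build big-endian integers byte by byte: no dependence on host byte order. */
static uint16_t rd_be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}
/* Opposite order, only to show what a little-endian reading would produce. */
static uint32_t rd_le32(const uint8_t *p) {
    return ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) |
           ((uint32_t)p[1] << 8)  |  (uint32_t)p[0];
}

/* Returns 0 on success, -1 if the buffer is too short or version != 2. */
int rtp_parse(const uint8_t *buf, size_t len, struct rtp_hdr *h) {
    if (len < 12) return -1;
    h->version = buf[0] >> 6;
    if (h->version != 2) return -1;
    h->padding = (buf[0] >> 5) & 1;
    h->extension = (buf[0] >> 4) & 1;
    h->csrc_count = buf[0] & 0x0f;
    if (len < 12 + 4u * h->csrc_count) return -1;  /* CSRC list must fit */
    h->marker = buf[1] >> 7;
    h->payload_type = buf[1] & 0x7f;
    h->seq = rd_be16(buf + 2);
    h->timestamp = rd_be32(buf + 4);
    h->ssrc = rd_be32(buf + 8);
    return 0;
}

/* Constructed sample header; timestamp bytes 1c 6b 89 db are from the thread. */
const uint8_t sample_rtp[12] = { 0x80, 0x00, 0x12, 0x34,
                                 0x1c, 0x6b, 0x89, 0xdb, 0xde, 0xad, 0xbe, 0xef };

int main(void) {
    struct rtp_hdr h;
    if (rtp_parse(sample_rtp, sizeof sample_rtp, &h) != 0) return 1;
    printf("network order: %u, little-endian reading: %u\n",
           (unsigned)h.timestamp, (unsigned)rd_le32(sample_rtp + 4));
    return 0;
}
```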