I'm trying to test a network by sending calls directly between two SIPp instances. However when I try to analyze the stream with wireshark it cannot understand the RTP. It only show a stream in one direction, which has the count of all packets in both directions. I have a suspicion that the problem lies in the SSRC value which is the same in both directions. It is not easy to change the SSRC value in the test. So before I go and recompile something, I would like to hear if this is really a problem to Wireshark, or if I should look else where. asked 15 Dec '15, 13:53  Kjeld Flarup edited 15 Dec '15, 13:56 |
One Answer:
After checking the pcap received directly from Kjeld, I'm answering here for others: in Wireshark 2.0.0, the same SSRC in both directions of RTP stream does cause confusion, but only if dealing with RTP via Telephony -> VoIP calls -> Flow Sequence. If dealing with it via RTP -> Stream analysis, the directions are not mixed together and RTP stream analysis as well as playback work as expected. I'll file the bug. answered 17 Dec '15, 12:10  sindy |
Please post the pcap file, containing at least 10 RTP packets in each direction and at least the part of SIP message exchange which contains the SDP negotiation, somewhere on the web (google drive, skydrive, cloudshark...) and put a link to it here. Without having a look at the file it is hard to say what is wrong. Wireshark's automatic detection of RTP streams is bound to SDP, and analysis of RTP depends also on timestamps and sequence numbers (if at all on ssrc which I doubt but I'm not a Wireshark developer).