This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How can I capture RTP packets?

0

For a project that I have to submit, I have to stream between two computers (with RTP protocol) using VLC media player, and then capture the packets with Wireshark in order to evaluate eventual packet losses. I have got two questions:

  • As a first step, I tried to use the same computer both for sending and for receiving the stream; I opened the RTP network stream in another window of VLC media player and the video is effectively shown. However, Wireshark captured the transmitted/received packets, but it shows them in the log file as a list of UDP packets (layer 4 instead of layer 7). Thus, I don't have access to any sequence number and, consequently, I can't find out anything about eventual packet losses. How can I set up Wireshark in order to have displayed the protocol used at layer 7 instead or 4? Or anyway, how can I have displayed the RTP sequence of packets instead of the UDP ones?

  • Alternatively does anyone know any active source of online streaming that broadcasts using RTP protocol and that would allow me to perform a capture of RTP packets? RTSP is also acceptable. In other words, I need to obtain a Wireshark log file with some consecutive sequence numbers in order to evaluate the packet losses.

asked 01 Feb '12, 09:19

lbxande's gravatar image

lbxande
1111
accept rate: 0%

edited 01 Feb '12, 10:00

multipleinterfaces's gravatar image

multipleinte...
1.3k152340

Have you verified that the UDP packets in your capture are, in fact, the RTP packets you are interested in, and have you also verified that they are not encrypted? Moreover, what platform are you attempting this on; Windows does not deliver loopback (local) traffic in a way that Wireshark will receive it.

(01 Feb '12, 10:02) multipleinte...
1

Ther is noting on the UDP level indicating that the packet contains RTP so Wireshark can't find that out unless the control signaling is seen and the dissector for that control protocol is coded to set up "RTP converations". You can hoever use "Decode as" and select RTP if those packets are RTP. There is also an RTP preference "Try to heuristically find RTP packets" but it's prone to make misstakes e.g catch stuff that is not RTP.

(01 Feb '12, 12:41) Anders ♦