![]() Tcpdump command will work on most flavors of unix operating system. > + -> " and then set UDP port 4000 to be decoded as RTP by selecting RTP under the Current column.Tcpdump command is also called as packet analyzer. To do this, either select a UDP packet and right-click "Decode As", or choose "Analyze -> Decode As. Note: For anyone not familiar with decoding traffic on non-standard ports, in order to have Wireshark decode the UDP payload as RPT, you must use the "Decode As" feature as alluded to above. This should tell you where all the gaps are and how many packets were lost, which is just a sum of the last column, or 23, which exactly matches what Wireshark reported in the RTP analysis as lost packets. To more easily find all gaps, select the entire table and filter on this new column for all values other than 0 You should end up with a relatively small table that looks something like this:.Any value other than 0 represents a gap in RTP sequence numbers.Fix the first row of the new column by replacing the undefined value with a heading, such as "RTP Seq # diff". ![]() (You might have to clean up some of the extraneous data past the last valid row.) If you select the entire column first and use "Ctrl-Enter" instead of just "Enter" when you add the formula, the formula will be quickly applied to all rows. For example, if the RTP sequence number is in column G, then the cell will contain =G2-G1-1. ![]() Add a column whose contents is the difference between the RTP sequence number in the previous row and the RTP sequence number in the current row.Export the file to CSV: File -> Export Packet Dissections -> As CSV.Right-click on the RTP sequence number field of any packet and choose, "Apply as Column".For example, around 12:16:38, there's a gap and it can be seen that the RTP sequence # of 11634 is missing, which should be between Frames 1022.īut if you want to more easily see where all the sequence number gaps are, then you probably want to export the Wireshark data into a spreadsheet program, such as Excel. Now change the Interval to 10ms and you'll see some sequence number gaps - for me, 3 gaps are easily observed, which are probably good indicators of where packet loss has occurred. You should see a rather straight diagonal line starting from the lower-left corner and ending at the top-right corner. X RTP Seq rtp.seq X Line MIN(Y Field) rtp.seq None Disable anything being plotted and add a new one, something like this: Enabled Graph Name Display Filter Color Style Y Axis Y Field SMA Period ![]() "Telephony -> RTP -> Stream Analysis" also provides potentially useful information.Īnother potentially useful way to view the data is to use the I/O Graph. You can also view the RTP statistics under "Telephony -> RTP -> RTP Streams", which lists 23 lost packets. ![]() Did you try using Wireshark's "Analyze -> Expert Information"? (You can also view it by clicking on the little red circle in the lower-left corner of the status bar, although the color of the circle will vary depending on the highest error level present in the capture file.)Įdit: Expanded my original answer with more information below. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |