[Windump] RTP streams - uneven packet counts
Robert Jones
RobertJ at cctexas.com
Thu May 21 11:59:50 PDT 2009
I ran into difficulty when capturing with windump on a machine that is
seeing packets from a Cisco 7940 phone. Opening up the dump file in
Wireshark afterwards (on the same machine, thus the same winpcap
version), there always seems to be a difference of one packet between
the forward and reverse RTP streams, which prevents Wireshark from
saving the payload out to a file. If I capture with Wireshark, the
counts match. I was wondering if this is a known issue, or if I can
provide some information to help isolate whether this is a bug that lies
within Windump or Wireshark.
I'm using windump -i 2 -w dump -C 10
Pressing Ctrl+C to stop well after the call is finished
Opening up file in Wireshark (1.07 & 1.05 tested)
Using the stream analysis function under Analyze, RTP and attempting to
save the payload.
Kind Regards,
Bob Jones
Information Security Manager
City of Corpus Christi