[Windump] RTP streams - uneven packet counts

Gianluca Varenni gianluca.varenni at cacetech.com
Thu May 21 12:23:53 PDT 2009


It sounds quite strange to me; windump and wireshark use the same underlying
capture engine.

Can you try capturing with both wireshark and windump at the same time, and 
send me the capture file with the number of the packet that is missing in 
the windump trace?

Have a nice day
GV

----- Original Message ----- 
From: "Robert Jones" <RobertJ at cctexas.com>
To: <windump at winpcap.org>
Sent: Thursday, May 21, 2009 11:59 AM
Subject: [Windump] RTP streams - uneven packet counts


> I ran into difficulty when capturing with windump on a machine that is
> seeing packets from a Cisco 7940 phone.  Opening up the dump file in
> Wireshark afterwards (on the same machine, thus the same winpcap
> version), there always seems to be a difference of one packet between
> the forward and reverse RTP streams, which prevents Wireshark from
> saving the payload out to a file.  If I capture with Wireshark, the
> counts match.  I was wondering if this is a known issue, or if I can
> provide some information to help isolate whether this is a bug that lies
> within Windump or Wireshark.
>
> I'm using windump -i 2 -w dump -C 10
> Pressing Ctrl+C to stop well after the call is finished
> Opening up file in Wireshark (1.07 & 1.05 tested)
> Using the stream analysis function under Analyze, RTP and attempting to
> save the payload.
>
> Kind Regards,
>
> Bob Jones
> Information Security Manager
> City of Corpus Christi
> _______________________________________________
> Windump mailing list
> Windump at winpcap.org
> https://www.winpcap.org/mailman/listinfo/windump 



