Wireshark-bugs: [Wireshark-bugs] [Bug 9477] New: AMR raw RTP dump adds 00 octects before every M
Date: Mon, 25 Nov 2013 16:52:17 +0000
Bug ID 9477
Summary AMR raw RTP dump adds 00 octects before every Marked RTP packet
Classification Unclassified
Product Wireshark
Version 1.10.3
Hardware x86-64
OS Windows 7
Status UNCONFIRMED
Severity Major
Priority Low
Component Common utilities (libwsutil)
Assignee bugzilla-admin@wireshark.org
Reporter dealsAlex@gmail.com

Created attachment 12178 [details]
pcap file containing 2 amr stream. user filter ((amr) && (ip.src ==
10.220.154.37)) && (!vlan)

Build Information:
Version 1.10.3 (SVN Rev 53022 from /trunk-1.10)

Copyright 1998-2013 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.14, with Cairo 1.10.2, with Pango 1.30.1, with
GLib 2.34.1, with WinPcap (4_1_3), with libz 1.2.5, without POSIX capabilities,
without libnl, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.1, without Python,
with GnuTLS 2.12.18, with Gcrypt 1.4.6, without Kerberos, with GeoIP, with
PortAudio V19-devel (built Nov  1 2013), with AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap.
Intel(R) Core(TM) i5 CPU       M 540  @ 2.53GHz, with 3951MB of physical
memory.


Built using Microsoft Visual C++ 10.0 build 40219

--
When saving the raw amr rtp dump from a stream. every time an rtp packet is
marked (because it's the first packet with actual sounds after silence packets)
Wireshark adds a series of 00 octects between the frames.


000003deh: 70 44 00 00 00 00 0E 00 00 00 00 00 00 00 00 00 ; pD..............
000003eeh: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
000003feh: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
0000040eh: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
0000041eh: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
0000042eh: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
0000043eh: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
0000044eh: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................
0000045eh: 00 00 00 00 00 00 70 3C F8 E2 25 08 15 41 8D 63 ; ......p<øâ%..Ac
0000046eh: CB F9 6B FF 96 0A 81 79 9E CD 2B 0C 56 DB EA A1 ; Ëùkÿ–.yžÍ+.VÛê¡
0000047eh: DA 70 CF 3B 97 F7 50                            ; ÚpÏ;—÷P


When looking at the rtp packets in the whireshark GUI those packets are no
where to be seen and dont comply to an RFC. Please use the filter below with
the attached pcap file.

((amr) && (ip.src == 10.220.154.37)) && (vlan)

Anylayse the RTP stream and save the payload and you will see the 00 octets


You are receiving this mail because:
  • You are watching all bug changes.