I am getting a CRC error (on the HDLC layer) for H224 data packets on the destination for the packets that have been received from the source. The source sends 3 types of packets: audio (AAC-LD) packets, video packets and data packets. But while receiving the data packets, the source throws a CRC error on the packets received. Could anyone help with what could be the reason for this CRC error?
Related
I have a dissector which can read 2 UDP packets and combine data from those.
Every time I select a packet (N) that is based on combining data from the previous packet (N-1) and the current packet (N), I'm getting an error on the packet details in the custom protocol section.
Only when I select previous packet (N-1) and then the current packet (N), I can see the dissection as I expect and without any error.
Any idea how to solve the issue?
I'm trying to inspect and analyze my network traffic. Suddenly I found something confusing. I thought that packets are split into streams based on their (SRC_IP, DES_IP, SRC_PORT, SRC_PORT, PROTOCOL_NUM). But now I found two groups of packets with the same features as above that are interpreted as two different streams in Wireshark:
As you see below, the RTP packets with even packet numbers are a single stream and the RTP packets with odd packet numbers are another stream, while both have equal (SRC_IP, DES_IP, SRC_PORT, SRC_PORT, PROTOCOL_NUM). Why?
To compare the statistics:
They are interpreted as two different streams:
You are just looking at the UDP traffic from either direction. UDP stream 2 is from 192.168.1.162 to 192.168.1.159 and UDP stream 3 is from 192.168.1.159 to 192.168.1.162.
While there are two UDP streams, there is only one RTP session. This is because the RFC protocol states that you cannot multiplex on the same port. From RTP RFC Section 5.2:
In RTP, multiplexing is provided by the destination transport address
(network address and port number) which is different for each RTP session.
So, yes, there are two simultaneous UDP streams, but it is just both hosts talking to each other during an RTP session.
I'm receiving RTP packets with JPEG payload with VLC. When I manually set the type to 26 (JPEG), VLC doesn't try to open the stream; if I define it as 96, VLC opens it and displays it wrong - that is due to malformed encoding.
To find out the correct encoding, i.e. to find out what values of the packet headers are correct, I want to compare the RTP packets with a working example. Surprisingly, the example uses payload type 96 instead of 26. I use Wireshark to observe the headers; it works fine with payload type 26 RTP/JPEG, but I can't force it to decode a 96-type RTP packet as a 26-type RTP packet to observe the JPEG headers of the working example; how can I do this? Maybe there are other tools to browse JPEG/RTP headers without any coding?
Payload type 26 is MJPEG and Wireshark parses these packets like a charm.
Payload types more than 96 are dynamic types; there is no reason to stream MJPEG with type 96. What is the source of the media? Did you check the type of stream there?
Probably type 96 means an h263 or h264 video stream; many cameras do it like this. As far as I know, Wireshark cannot decode the h264 header/payload.
Usually for videos the marker bit of the RTP packet indicates the last packet of the RTP.
So, with this, is it guaranteed that I will receive 1 frame per packet, or can I receive more than one?
In that case, beyond the depacketization, would I have to make a parser to separate the H.264 frames?
If I can get more than one frame per RTP packet, is it possible to get a piece of the next frame? Or are all frames within the RTP packet, even if more than one, complete?
Best regards,
RFC 6184 "RTP Payload Format for H.264 Video" has answers for the raised questions. It can be both ways: 2+ NAL units per packet, and 1 NAL unit fragmented over 2+ packets.
See quotes below:
5.7.1. Single-Time Aggregation Packet (STAP)
A single-time aggregation packet (STAP) SHOULD be used whenever NAL
units are aggregated that all share the same NALU-time.
and
5.8. Fragmentation Units (FUs)
This payload type allows fragmenting a NAL unit into several RTP
packets. Doing so on the application layer instead of relying on
lower-layer fragmentation (e.g., by IP) has the following advantages:
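Added example, not part of the original answer: a Python depacketizer showing both cases the answer names, several NAL units in one packet (STAP-A, type 24) and one NAL unit spread over several packets (FU-A, type 28), with the bounds checks a receiver needs on the length fields. The class and method names are chosen here; RTP sequence-number loss detection and the other aggregation/fragmentation types are left out.

```python
import struct
STAP_A, FU_A = 24, 28  # NAL unit types defined in RFC 6184

class H264Depacketizer:
    """Turns RTP payloads (RTP header already removed) into whole NAL units."""
    def __init__(self):
        self._fu = None  # NAL unit being reassembled from FU-A fragments

    def push(self, payload):
        if not payload:
            raise ValueError("empty RTP payload")
        nal_type = payload[0] & 0x1F
        if 1 <= nal_type <= 23:          # single NAL unit packet
            return [bytes(payload)]
        if nal_type == STAP_A:
            return self._stap_a(payload)
        if nal_type == FU_A:
            return self._fu_a(payload)
        raise ValueError("unsupported NAL unit type %d" % nal_type)

    def _stap_a(self, payload):
        nals, pos = [], 1
        while pos < len(payload):
            if pos + 2 > len(payload):
                raise ValueError("truncated STAP-A size field")
            (size,) = struct.unpack_from("!H", payload, pos)
            pos += 2
            if size == 0 or pos + size > len(payload):
                raise ValueError("STAP-A NAL size does not fit the payload")
            nals.append(bytes(payload[pos:pos + size]))
            pos += size
        return nals

    def _fu_a(self, payload):
        if len(payload) < 2:
            raise ValueError("truncated FU-A header")
        indicator, header = payload[0], payload[1]
        if header & 0x80:                # S bit: first fragment
            # NAL header = F/NRI bits of the indicator + type from the FU header
            self._fu = bytearray([(indicator & 0xE0) | (header & 0x1F)])
        elif self._fu is None:
            return []                    # no start fragment seen: discard
        self._fu += payload[2:]
        if header & 0x40:                # E bit: last fragment
            nal, self._fu = bytes(self._fu), None
            return [nal]
        return []

SAMPLE_STAP_A = b"\x78\x00\x02\x67\x01\x00\x03\x68\x02\x03"  # constructed sample
```

`push(SAMPLE_STAP_A)` yields two NAL units from a single packet, while an FU-A sequence yields nothing until the fragment with the E bit arrives.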
I have read that in Erlang using gen_tcp the data sent over the socket can be aggregated in a single stream. How can I force the socket to send exactly a specific number of bytes?
TCP is a stream protocol (unlike UDP which is packet oriented) which e.g. means that the receiving application can't tell if the available data comes from one or several send() calls on the client.
You don't really have any control over the number of bytes being sent in a TCP packet, multiple send() calls may result in one TCP packet being received, and one send() call may result in several TCP packets being sent. This is controlled by the OS TCP stack.
In Erlang you can use the socket option {packet, 1|2|4} to gen_tcp:connect and gen_tcp:listen to create a packet-oriented handling of the TCP data. This inserts a 1-, 2- or 4-byte prefix to each send() and the receiving side (assuming it is also Erlang and uses the same {packet, N} option) will read data until the sent number of bytes has been received, regardless of how the message was fragmented into TCP packets.
A call to gen_tcp:recv will block until the expected number of bytes has been read. And same for active mode sockets, the message is sent with the expected number of bytes.
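Added example, not part of the original answer: the same length-prefix framing written out in Python, using the unsigned big-endian length header of `{packet, N}`, to show how a receiver rebuilds message boundaries no matter how TCP splits or merges the bytes. `frame`, `Deframer`, `demo` and the `max_len` cap are names and assumptions chosen here.

```python
import struct

_FMT = {1: "!B", 2: "!H", 4: "!I"}  # header: unsigned big-endian length

def frame(message, n=4):
    """Bytes put on the wire for one message with an n-byte length prefix."""
    if len(message) >= 1 << (8 * n):
        raise ValueError("message too long for a %d-byte length prefix" % n)
    return struct.pack(_FMT[n], len(message)) + message

class Deframer:
    """Receiver side: rebuilds messages from arbitrarily split TCP reads."""

    def __init__(self, n=4, max_len=1 << 20):
        self.n, self.max_len = n, max_len   # max_len: assumed local limit
        self.buf = bytearray()

    def feed(self, chunk):
        self.buf += chunk
        out = []
        while len(self.buf) >= self.n:
            (size,) = struct.unpack_from(_FMT[self.n], self.buf)
            if size > self.max_len:
                # The peer controls this field: reject before buffering that much
                raise ValueError("declared length %d exceeds limit" % size)
            if len(self.buf) < self.n + size:
                break                       # message not complete yet
            out.append(bytes(self.buf[self.n:self.n + size]))
            del self.buf[:self.n + size]
        return out

def demo():
    # Constructed sample: three messages, re-split at arbitrary byte offsets
    wire = frame(b"hello") + frame(b"") + frame(b"world!")
    d = Deframer()
    reads = [wire[:3], wire[3:11], wire[11:]]
    return [d.feed(r) for r in reads]
```

The first read holds only part of a header and yields nothing; the last read completes two messages at once, which is the behaviour the `{packet, N}` option hides from the application.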