tcpdump 上的奇怪流 DTMF 捕获
我捕获了 SIP 呼叫的 tcpdump 以调试 DTMF 问题(重复数字),但在解释它时遇到一些问题。
据我了解,当我通过wireshark的“VOIP CALL”解析捕获的流量时,我应该看到类似这样的内容(对于数字123):
CAPTURE 1
RTP 电话事件 DTMF One 1
(活动结束)
RTP 电话事件 DTMF 两个 2
(活动结束)
RTP 电话事件 DTMF 三 3
(活动结束)
但我看到的是这个
捕获 2
RTP 电话事件 DTMF One 1
RTP 电话事件 DTMF One 1
RTP 电话事件 DTMF One 1
(完)
RTP 电话事件 DTMF 两个 2
RTP 电话事件 DTMF 两个 2
RTP 电话事件 DTMF 两个 2
(完)
RTP 电话事件 DTMF 两个 3
RTP 电话事件 DTMF 两个 3
RTP 电话事件 DTMF 两个 3
(结束)
在一个系统上,CAPTURE 2 被检测为 123,但在另一个系统上,它似乎将其解码为具有重复的数字。 wireshark 不将它们分组为单个 RTP 事件的原因是什么?
这是rtp流量:
捕获 1:
RTP 事件 DTMF 1
RTP 事件 DTMF 1
RTP 事件 DTMF 1(结束)
RTP 事件 DTMF 1(结束)
RTP 事件 DTMF 1(结束)
RTP 事件 DTMF 2
RTP 事件 DTMF 2
RTP 事件 DTMF 2(结束)
RTP 事件 DTMF 2(结束)
RTP 事件 DTMF 2(结束)
RTP 事件 DTMF 3
RTP 事件 DTMF 3
RTP 事件 DTMF 3(结束)
RTP 事件 DTMF 3(结束)
RTP 事件 DTMF 3(结束)
RTP 有效负载
...
...
...
RTP 有效负载,
而 CAPTURE 2 是:
RTP 事件 DTMF 1
RTP 有效负载
RTP 事件 DTMF 1
RTP 有效负载
RTP 事件 DTMF 1(结束)
RTP 有效负载
RTP 事件 DTMF 1(结束)
RTP 有效负载
RTP 事件 DTMF 1(结束)
RTP 有效负载
RTP 有效负载
RTP 有效负载
RTP 有效负载
RTP 有效负载
RTP 事件 DTMF 2
RTP 有效负载
RTP 事件 DTMF 2
RTP 有效负载
RTP 事件 DTMF 2(结束)
RTP 有效负载
RTP 事件 DTMF 2(结束)
RTP 有效负载
RTP 事件 DTMF 2(结束)
RTP 有效负载
RTP 有效负载
RTP 有效负载
RTP 有效负载
RTP 事件 DTMF 3
RTP 有效负载
RTP 事件 DTMF 3
RTP 有效负载
RTP 事件 DTMF 3(结束)
RTP 有效负载
RTP 事件 DTMF 3(结束)
RTP 有效负载
RTP 事件 DTMF 3(结束)
RTP 有效负载
RTP 有效负载
RTP 有效负载
RTP 有效负载
RTP 有效负载
RTP 有效负载
CAPTURE 2 是否遵循 RFC2833?
I captured a tcpdump of a SIP call to debug DTMF problem (repeated digits), but I have some problem interpreting it.
From what I understand, when I parse the captured traffic through wireshark's "VOIP CALL", I should see something like this (for digits 123) :
CAPTURE 1
RTP telephone event DTMF One 1
(end of event)
RTP telephone event DTMF Two 2
(end of event)
RTP telephone event DTMF Three 3
(end of event)
But I'm seeing this instead
CAPTURE 2
RTP telephone event DTMF One 1
RTP telephone event DTMF One 1
RTP telephone event DTMF One 1
(end)
RTP telephone event DTMF Two 2
RTP telephone event DTMF Two 2
RTP telephone event DTMF Two 2
(end)
RTP telephone event DTMF Two 3
RTP telephone event DTMF Two 3
RTP telephone event DTMF Two 3
(end)
On 1 system, CAPTURE 2 is detected as 123, but on another system it seems to decode this as having repeated digits. What's the reason for wireshark not grouping them together as a single RTP event?
This is the rtp traffic flow:
CAPTURE 1:
RTP EVENT DTMF 1
RTP EVENT DTMF 1
RTP EVENT DTMF 1 (end)
RTP EVENT DTMF 1 (end)
RTP EVENT DTMF 1 (end)
RTP EVENT DTMF 2
RTP EVENT DTMF 2
RTP EVENT DTMF 2 (end)
RTP EVENT DTMF 2 (end)
RTP EVENT DTMF 2 (end)
RTP EVENT DTMF 3
RTP EVENT DTMF 3
RTP EVENT DTMF 3 (end)
RTP EVENT DTMF 3 (end)
RTP EVENT DTMF 3 (end)
RTP PAYLOAD
...
...
...
RTP PAYLOAD
whereas CAPTURE 2 is:
RTP EVENT DTMF 1
RTP PAYLOAD
RTP EVENT DTMF 1
RTP PAYLOAD
RTP EVENT DTMF 1 (end)
RTP PAYLOAD
RTP EVENT DTMF 1 (end)
RTP PAYLOAD
RTP EVENT DTMF 1 (end)
RTP PAYLOAD
RTP PAYLOAD
RTP PAYLOAD
RTP PAYLOAD
RTP PAYLOAD
RTP EVENT DTMF 2
RTP PAYLOAD
RTP EVENT DTMF 2
RTP PAYLOAD
RTP EVENT DTMF 2 (end)
RTP PAYLOAD
RTP EVENT DTMF 2 (end)
RTP PAYLOAD
RTP EVENT DTMF 2 (end)
RTP PAYLOAD
RTP PAYLOAD
RTP PAYLOAD
RTP PAYLOAD
RTP EVENT DTMF 3
RTP PAYLOAD
RTP EVENT DTMF 3
RTP PAYLOAD
RTP EVENT DTMF 3 (end)
RTP PAYLOAD
RTP EVENT DTMF 3 (end)
RTP PAYLOAD
RTP EVENT DTMF 3 (end)
RTP PAYLOAD
RTP PAYLOAD
RTP PAYLOAD
RTP PAYLOAD
RTP PAYLOAD
RTP PAYLOAD
Is CAPTURE 2 following RFC2833?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
实际上,规范鼓励您冗余传输 RTP 事件数据包,因为可能会丢失数据包,并且建议至少发送 3 次。检查每个重复事件的开始和结束时间。如果您需要延长事件(仍按住键、比您想要在一个事件中编码的时间长等),那么您可以延长它而不结束它。
这也是End包发送3次的原因。 (请参阅 RFC 2833 第 3.6 节)。
Actually, the spec encourages you to redundantly-transmit RTP Event packets, because of possible packet loss, and they suggest sending each 3 times at least. Check the start and end times in each duplicated event. If you need to extend the event (key still held down, longer than you want to encode in one event, etc), then you can extend it without ending it.
This is also why the End packets are sent 3 times. (See section 3.6 of RFC 2833).
RFC 2833“事件”完全有可能被编码为多个 RTP 数据包。 3.6节告诉我们
RFC 将“一个周期”定义为 50 毫秒。
所以
RTP 事件 DTMF 1
RTP 事件 DTMF 1
RTP EVENT DTMF 1(结束)
表示有人按下 1 键约 150 毫秒。
It's perfectly possible for an RFC 2833 "event" to be encoded as multiple RTP packets. Section 3.6 tells us that
The RFC defines "one period" as 50ms.
So
RTP EVENT DTMF 1
RTP EVENT DTMF 1
RTP EVENT DTMF 1 (end)
means that we have someone pressing the 1 key for around 150ms.