[VOIPSEC] RTP packet signature
Dan Wing
dwing at cisco.com
Thu Oct 6 16:04:13 CDT 2005
> I¹d describe this as a flow based analysis as opposed to a
> packet based analysis. John describes a flow analysis technique
> that I believe is fairly robust at identifying RTP producing/
> consuming endpoints on a network. One other item to add would
> be the existence of an approximately symmetric data flow
> between the communicating addresses.
The original question was, I believe, about RTP. RTP doesn't
require or expect approximately symmetric data flow -- consider
a conference call with a mixer and muted parties and VAD, for
example. Or consider my other examples -- T.38 over RTP (the
receiving fax machine sends much less data than the sending
fax machine), text over RTP (RFC4103), voice with VAD,
one-way streaming media (music, video), 3 way calling (where
one party won't send and the other might still be in sendrecv),
and so on.
-d
More information about the Voipsec
mailing list