rtcp traffic ????

Carter Bullard carter at qosient.com
Tue Mar 15 08:42:11 EST 2005


Hey Serge,
   Sorry for the delayed response.  Hmmmm, yes, argus's rtp/rtcp
discovery logic occasionally will confuse AFS and DNS for rtp
(fixed offset constants with an apparent sequence number in the
next packet).  And once it makes the association that the flow
maybe rtp/rtcp it doesn't revalidate the test on each packet,
for performance, ...., so there is great room for improvement.

   A few questions.  How many packets were in the flow? I suspect
less than 5?  And were there any responses?

Carter


-----Original Message-----
From: owner-argus-info at lists.andrew.cmu.edu
[mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of Serge Maandag
Sent: Sunday, March 13, 2005 4:04 PM
To: Russell Fulton; argus-info at lists.andrew.cmu.edu
Subject: RE: [ARGUS] rtcp traffic ????

> Recently I have started seeing our DNS traffic being tagged as rtcp in
> argus:
> 
> 2005-03-10-06:55:49 rtcp     130.216.1.1:32772    ->     
> 202.2.59.39:53     INT
> 
> Any idea what is going on here?
> 

IIRC, the ports 32772 and 32773 are used by the SIP protocol for VoIP.
Why that should connect to port 53, I don't know..

Serge.

-------------
Op de inhoud van dit e-mailbericht en de daaraan gehechte bijlagen is de
inhoud van de volgende disclaimer van toepassing:
http://www.zeelandnet.nl/disclaimer.php







More information about the argus mailing list