Giacomo Vacca

Before I forget again, a Wireshark setting that can help saving time by trying to interpret any UDP as RTP, if possible: Analyze --> Enabled Protocols... --> Search for RTP and enable at least 'rtp_udp' Without that change, when SIP signalling is not present (or it's encrypted) Wireshark would not understand automatically that UDP packets may be RTP. This is particularly true for example for WebRTC calls, where signalling happens elsewhere and is not available to Wireshark. This will also save the reader some time if you're used to right click and 'Decode As...' to achieve the same.

Disclaimer: I wrote this article on March 2022 while working with Subspace, and the original link is here:  https://subspace.com/resources/ice-negotiation . This post in my personal blog is a way to ensure it doesn't get lost. There is nothing service-specific in it, I've made only minor edits and I hope it can be a good technical reference on the topic. WebRTC is a set of protocols that allow applications, typically running on Web browsers, to exchange media (audio, video, data) with other entities. Before media can flow, however, the WebRTC entities need to discover what type of connection is possible, and among the possible connections, what’s the best to be used. This needs to happen as fast as possible, so that users can perceive the service as instantaneous as possible. WebRTC includes protocols like STUN and TURN that are designed to facilitate the establishment of connections when a direct connection is not possible. The typical case is a computer inside a home or o...

  WebRTC applications use the ICE negotiation to discovery the best way to communicate with a remote party. I t dynamically finds a pair of candidates (IP address, port and transport, also known as “transport address”) suitable for exchanging media and data. The most important aspect of this is “dynamically”: a local and a remote transport address are found based on the network conditions at the time of establishing a session. For example, a WebRTC client that normally uses a server reflexive transport address to communicate with an SFU. when running inside the home office, may use a relay transport address over TCP when running inside an office network which limits remote UDP targets. The same configuration (defined as “iceServers” when creating an RTCPeerConnection will work in both cases, producing different outcomes.

 I'm a passionate runner, and always considered cycling as something fun, e.g. mountain-biking, but difficult to practice regularly. There's a lot of overhead in cycling, like the preparation, bike maintenance, dealing with city traffic, etc. Anyway about eight months ago I bought a road bike and felt in love with it. Soon after that I discovered Zwift and that gave an additional dimension to the sport: practice whenever you want from home, with accurate power measurements and a way to socialise with distant people. That was a game changer. In five months I cycled 1600 virtual Km and climbed almost 17 virtual Km. Meanwhile my running performance, instead of degrading, improved, and that surprised me. Anyway what I wanted to write about is a great article I read, "Physiological Differences Between Cycling and Running" . It's a review of articles published in that area. Some conclusions are very interesting. In general it seems sports medicine is still inconclusive...

 Since I needed to see a few details in the handling of attributes in STUN responses, I thought of going through the whole STUN protocol RFC again and take notes on the most important parts. I put my notes in some slides, and I'm sharing then in Slideshare in case somebody else may find them useful too: STUN protocol from Giacomo Vacca

I needed an efficient way to programmatically extract RTP streams from a network capture. In addition I wanted to: save each stream into a separate pcap file. extract SRTP-negotiated keys if present and available in the trace, associating them to the related RTP (or SRTP if the negotiation succeeded) stream. Some caveats: In normal conditions the negotiation of SRTP sessions happens via a secure transport, typically SIP over TLS, so the exchanged crypto information may not be available from a simple network capture. There are ways to extract RTP streams using Wireshark or tcpdump; it’s not necessary to do it programmatically. All this said I wrote a small tool ( https://github.com/giavac/pcap_tool ) that parses a network capture and tries to interpret each packet as either RTP/SRTP or SIP, and does two main things: save each detected RTP/SRTP stream into a dedicated pcap file, which name contains the related SSRC. print a summary of the crypto information exchanged, if available. With ...

It goes without saying that SIP solutions are impacted by NAT. So much that some scenarios required integration to RFC 3261 , e.g. with RFC 3581 , which defined the ' rport ' attribute to be added in the Via header (integrating the ' received ' attribute): with that information, responses could be routed to the source port of the related request, and not on the advertised port in the original Via. That was called Symmetric Response , and applied to connection-less transports (UDP), while, as mentioned in RFC 6314 , it's not necessary when using reliable transports (TCP in most cases): SIP responses can be sent back on the same connection on which the request arrived. Also from RFC 3261, chapter 18, Transport layer, client behaviour: "For reliable transports, the response is normally sent on the connection on which the request was received." But the client needs to be prepared to receive the response on a new connection: "[...] the transport layer MUST...