Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


VoIP packets showing up as bogus IP header in Ethereal

Posted on 2006-03-20
Medium Priority
Last Modified: 2008-01-09
I'm having an issue with Ethereal showing VoIP packets as bogus IP header.  This was asked before but the solution was not posted.
Question by:DEMurrayIII

Expert Comment

ID: 16240143
Interesting.  What version of Ethereal?  What sort of VoIP packets?  SIP, H323, etc?  Are the packets tagged?  Could you post more detail?


Author Comment

ID: 16240514
Ethereal version 0.10.14   Using a Mitel 3300.  Sounds like what happen with Q_21555885.html.  The error I get in ethereal is  "Bogus IP Header length (0, must be at least 20)"

Expert Comment

ID: 16240798
Are you capturing inline with a hub or by mirroring a port?  Could the packets be fragmented?

Are you capturing the full packet for traffic other than the VoIP?
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments


Author Comment

ID: 16240989
Using a Hub.  Yes the packets could be fragmented.  The only thing on this VLAN is the voice.   Setup is out of Cisco 3750 port to Hub.  Hub has a connection to the Mitel 3300 and a connection to a non addressed NIC on pc.  I'm able to capture data.  I am capturing any and all traffic between Mitel 3300 and Cisco 3750 switch on vlan.

Expert Comment

ID: 16262717

Accepted Solution

Tony_Friar earned 2000 total points
ID: 16266254

The packets which are shown as "Bogus IP header length" are RTP packets. Ethereal only marks RTP packets as RTP packets if it also recognises the VoIP signalling that sets up the RTP stream (i.e. SIP, H.323). Ethereal looks into the VoIP siganlling to see which UDP ports are being used for RTP. It thens marks these ports as RTP flows.

As the Mitel 3300 does not use SIP or H.323 (it uses a Mitel protocol known as Minet) and Ethereal does not support Minet the RTP packets are not identified by Ethereal as RTP packets.

You can manually mark these packets as RTP by doing the following:

1) Highlight one of the packets, right click on it and select 'Decode as...'
2) Select RTP from the right hand column of options
3) On the ports button in the centre of the 'Decode as' screen select 'both ports'
4) Click 'Apply' and then 'OK'

The packets for that RTP flow and its return RTP flow should now show as RTP.

If you have multiple calls and hence multiple RTP flows using different ports you may need to do this for each call.



Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Every year the snow affects people and businesses. According to the Federation of Small Businesses (FSB), in 2009, UK businesses lost an estimated £1.2bn (http://news.bbc.co.uk/1/hi/business/7864804.stm) because of bad weather. This article was c…
As companies replace their old PBX phone systems with Unified IP Communications, many are finding out that legacy applications such as fax do not work well with VoIP. Fortunately, Cloud Faxing provides a cost-effective alternative that works over an…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Integration Management Part 2

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question