The context : I'm building an RTSP / RTP server in C#, i saw that there was two main libs that can help me, the first is Managed Media Aggregation. The second is SharpRTSP. I use the first for the packetization of data for RTP and the second to handle the RTSP side with the SDP.
I analyzed packet with wireshark because when i try to access the video content of my server, it success to connect but i have no data incoming, so i look to everything that can be the cause. The analisys show me that the following line in the SDP (on the describe answer of the server) is marked with yellow.
fmtp:96 packetization-mode=1; // param 1
profile-level-id=4267; // param 2
sprop-parameter-sets=Z0IACvhBog==,aM44gA== // param 3
The question : My question is a two part question.
1. Can someone tell me why this line is returned with a warning by wireshark ?
2. Is it possible that wireshark return a warning because one of the parameter isn't correct ?
Thanks a lot for your time !
If you expand the packet details, you should see an "Expert Info" indication as to why Wireshark categorized the packet as a warning. You can also open the "Expert Infos" dialog via Analyze -> Expert Info or by clicking on the small circle in the lower left hand side of the status bar. That dialog will show you all the "Expert Infos" for all packets, grouped by severity.
Further, you can even apply a display filter for expert infos. The syntax differs depending on what version of Wireshark you're using, but it's one of these two:
Wireshark's SDP dissector adds several "Expert Info" entries; you can always browse the packet-sdp.c source code to try to find out more information as to why Wireshark might have added a particular one. The expert info details begin down around line 3153 and the only entry that is categorized as PI_WARN is for an "Invalid conversion", the logic which determines this being up around lines 1338-1370. So is that the "Expert Info" you're seeing? If so, then there would appear to be something wrong with the profile-level-id, but without a packet capture to look at, I wouldn't be able to tell you exactly what that is.
It's also possible there was a Wireshark bug with the conversion? You haven't stated which version of Wireshark you're running, but you could try to update to the latest available version of Wireshark to see if the warning goes away. If it doesn't and you're confident that the packet is correctly formatted, you could open a Wireshark bug report and supply a capture file for the developers to use for testing.