I am working on a packet capture program to analyze RTP/RTCP traffic. The traffic is in mobile network, e.g., the VoLTE. I understand that I need to search in the SIP/SDP packets first to get the actual addresses and port numbers used in RTP/RTCP. The question is what information should I look into. For example:
There are so many protocols and it's hard to grasp them all to get a particular info needed. Thanks.
Source/Destination and other information in the SIP packets. Since SIP proxy is used, the address of the SIP packet and information in SIP header like: "Via", "To" and "From", etc., have nothing to do with the RTP addresses, right? (P.S., what is the really purpose of these fields?)
RIght, these information has nothing to do with your RTP/RTCP information, these are just information about the SIP proxy and two party associated with the SIP session related information.
What is the difference between o= line and c= line in SDP? Will the RTP uses one of them?
O line is also something you don't need to know, its about originator client information or identifier. C= line holds the default address for your session, this can be session level attribute or media level attribute if you have multiple media like RTP and RTCP. If its session level attribute in SDP then it will appear before m= line. If the session is non-ICE session then this address will be used for your media.
I have to find the common codecs and payload types supported in caller and callee's SDP to determine RTCP ports. If they support more than one codec for a media type, is it possible for the two ends to use different codec?
You will find the codec related information in m= line which will hold the media name, transport type and default port for that media, in case of non-ICE media this port will be used for that corresponding media. m= will hold the codec related information as well, these are space separated values. You can not use different codec unless the codec you selected is interoperable with the other one which is most unlikely.
If there are STUN, TURN or ICE involved, what else should I look into?
You will find these information as a= line, all the a= line appears after m= line until another m= line of end of SDP are that corresponding media attributes, lets say for candidate you will see something like a=candidate lines as ICE candidates, you may also see a=ice-pwd, a=ice-ufrag etc. Lets say if you have audio m= line with RTP and RTCP component then you may also see a=rtcp line with a port value which is RTCP default port, in that case the port appears in that m= line is RTP default port. For more details on SDP you can check the SDP RFC. Also you can check ICE RFC for ICE related attribute details.