match rtp protocol

Unanswered Question
Oct 29th, 2008

I ned exclude to the encription list rtp traffic. Is there any way to identify this traffic in an access-list?

Thank's

Marcelo

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ohassairi Thu, 10/30/2008 - 00:15

Although there are no standards assigned, RTP is generally configured to use ports 16384-32767

Amit Singh Thu, 10/30/2008 - 02:41

you can simply match the udp traafic in an acl with the above mentioned port range.

MARCELO MATURO Thu, 10/30/2008 - 04:36

The problem is that in this case I am excluding This traffic udp for the encription,and maybe there is not rtp .

Thank's

Joseph W. Doherty Thu, 10/30/2008 - 05:34

Many forms of encryption completely conceal the original packet, which makes it impossible to determine an encrypted packet is something like a RTP packet.

Encrypted packets can replicate an original packet's ToS, if they do, and if the ToS is unique enough to only be RTP, you can identify the traffic using it.

If the traffic is encrypted within SSL, there are now applicances that sometimes effectively provide a "man-in-the-middle", where you can decrypt the traffic and then see what it is. Such an appliance could then exclude such traffic.

Actions

This Discussion