Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1431
Views
0
Helpful
2
Replies

How to identify RTP ports ?

aghazi
Level 1
Level 1

‎10-22-2002 04:59 AM - edited ‎03-17-2019 07:54 PM

My customer is interested in blocking the RTP traffic sourced from any VoIP application. Any idea, how to identify the ports used by RTP.

I understand that when a router receives a (voice over) IP packet from its peer, it can identify a UDP datagram by looking at the protocol field of the IP packet. What I don’t understand is that how the receiving router will identify (by looking at the UDP port numbers) that the receiving UDP datagram actually consists of RTP traffic.

thanks,

Ahmer Ghazi

Labels:
0 Helpful
2 Replies 2

gstegmann
Level 1
Level 1

‎10-23-2002 02:19 AM

hi.

blocking all udp traffic with udp-ports greater than or equal to 16384 on both ends will certainly block all rdp-traffic. but it will likely block other applications too, that use these combinations.

rdp-packets are "inside" the udp-packets, so there is another header :

IP

|--UDP

|--RDP

you can figure that out by using a network monitor or a sniffer.

0 Helpful

mhayek
Level 1
Level 1

‎11-07-2002 09:49 AM

In order to identify Cisco VOIP(RTP and RTCP) packets, look for UDP ports in this range: 16383 - 32767 with an access list, and then deny it.

It could look something like this:

access-list deny udp any any range 16383 32767

0 Helpful
Customers Also Viewed These Support Documents