Improve RTP detection

[0xA50C1A1]

I guess it would be good to add a check for the 4-byte SSRC (Synchronization Source Identifier) field, which is present in all RTP packets and remains static throughout the session.

[mmaatuq]

I don't think having static SSRC throughout the session is the case for all RTP sessions for example some apps has a session that starts as stun and then RTP packets where you can find different SSRCS in that session.
also unless i misunderstood this part
https://datatracker.ietf.org/doc/html/rfc3550#section-5.2
it's possible as per RFC 3550.

[0xA50C1A1]

I don't think having static SSRC throughout the session is the case for all RTP sessions for example some apps has a session that starts as stun and then RTP packets where you can find different SSRCS in that session. also unless i misunderstood this part https://datatracker.ietf.org/doc/html/rfc3550#section-5.2 it's possible as per RFC 3550.

Do you have any pcap samples?

[mmaatuq]

I don't think having static SSRC throughout the session is the case for all RTP sessions for example some apps has a session that starts as stun and then RTP packets where you can find different SSRCS in that session. also unless i misunderstood this part https://datatracker.ietf.org/doc/html/rfc3550#section-5.2 it's possible as per RFC 3550.

Do you have any pcap samples?

I don't have one, but I think you can see that by capturing a pcap for whastapp call for example.

[0xA50C1A1]

I don't think having static SSRC throughout the session is the case for all RTP sessions for example some apps has a session that starts as stun and then RTP packets where you can find different SSRCS in that session. also unless i misunderstood this part https://datatracker.ietf.org/doc/html/rfc3550#section-5.2 it's possible as per RFC 3550.

Do you have any pcap samples?

I don't have one, but I think you can see that by capturing a pcap for whastapp call for example.

Ty, I'll try.