The Real Time Control Protocol (RTCP) specification allows for a number of identification fields that can be fairly useful when analyzing the protocol. The protocol itself has a number of different types of packets, one of which is a source description packet (SDES). VoIP endpoints using RTP will send one of these SDES packets to identify themselves. Inside the packet is a variable number of fields that can include identifying data such as a username, email address, phone number, location and the software application controlling the RTP stream.
The only mandatory description is the Canonical Name (CNAME) field, which, in theory, uniquely identifies the source by joining a username and fully-qualified domain name, e.g. email@example.com. Your IP Telephony application may allow you to specify the username or it may pull it from the operating system's login. In addition, your application may support one or more of the optional fields mentioned above. For example, the OpenH323 project's OpenPhone application passes the string "OpenPhone" in the TOOL field.
Consider using a packet-sniffing tool to take a baseline of your RTP/RTCP traffic. Once you understand what optional fields your IP Telephony applications support, and what data is being sent in them, you may be able to use this to your advantage when troubleshooting or performing other support activity. For example, this may be particularly useful when you're trying to find a particular RTP flow in a dynamic environment like a call center, where users don't have an assigned workstation and perhaps many people use the same workstation during a day.
The format of the SDES packet is such that you cannot search a specific offset from the start of the frame because the number of fields varies, but you can search for the data type or a specific string, once you know what to expect.
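As an added example (not part of the original tip), the Python sketch below walks the SDES items by type and length instead of by fixed offset, following the packet layout in RFC 3550. It assumes the input is the UDP payload of an RTCP packet; the sample packet, SSRC value and CNAME string are constructed for illustration.

```python
import struct

# SDES item type codes defined in RFC 3550, section 6.5
SDES_ITEMS = {1: "CNAME", 2: "NAME", 3: "EMAIL", 4: "PHONE",
              5: "LOC", 6: "TOOL", 7: "NOTE", 8: "PRIV"}
PT_RR, PT_SDES = 201, 202

def parse_sdes(payload: bytes):
    """Walk a compound RTCP payload; return [(ssrc, {item: value})] per SDES chunk."""
    results, off = [], 0
    while off + 4 <= len(payload):
        first, ptype, words = struct.unpack_from("!BBH", payload, off)
        end = off + 4 * (words + 1)        # length field = 32-bit words minus one
        if first >> 6 != 2 or end > len(payload):
            break                          # not RTCP version 2, or truncated capture
        if ptype == PT_SDES:
            results += _chunks(payload[off + 4:end], first & 0x1F)
        off = end
    return results

def _chunks(body: bytes, count: int):
    out, pos = [], 0
    for _ in range(count):
        if pos + 4 > len(body):
            break
        ssrc, items = struct.unpack_from("!I", body, pos)[0], {}
        pos += 4
        # Items are type/length/value; a zero type octet ends the list.
        while pos + 2 <= len(body) and body[pos] != 0:
            itype, ilen = body[pos], body[pos + 1]
            value = body[pos + 2:pos + 2 + ilen]
            if len(value) < ilen:
                return out                 # item runs past the packet: stop parsing
            items[SDES_ITEMS.get(itype, f"TYPE{itype}")] = value.decode("utf-8", "replace")
            pos += 2 + ilen
        pos = (pos // 4 + 1) * 4           # skip terminator and pad to 32-bit boundary
        out.append((ssrc, items))
    return out

def build_sample() -> bytes:
    """Constructed sample: empty receiver report followed by one SDES chunk."""
    items = b"".join(bytes([t, len(v)]) + v for t, v in
                     ((1, b"agent7@pc12.example.com"), (6, b"OpenPhone")))
    chunk = struct.pack("!I", 0x1234ABCD) + items + b"\x00"
    chunk += b"\x00" * (-len(chunk) % 4)
    sdes = struct.pack("!BBH", 0x81, PT_SDES, len(chunk) // 4) + chunk
    return struct.pack("!BBHI", 0x80, PT_RR, 1, 0x1234ABCD) + sdes

if __name__ == "__main__":
    for ssrc, items in parse_sdes(build_sample()):
        print(f"SSRC {ssrc:#010x}: {items}")
```

Because the fields carry usernames and hostnames in clear text, the same baseline output also shows what identifying data each endpoint exposes on the wire.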
Thomas Alexander Lancaster IV is a consultant and author with over ten years' experience in the networking industry, focused on Internet infrastructure.