Finance glossary

What is RTP detection?

Bristol James
5 Min

Real-time Transport Protocol or RTP detection refers to the identification, analysis and management of network traffic that is used to transmit audio, video and media in real-time.

Contexts where RTP detection is applicable include:

  • Video teleconference applications.
  • Internal protocol television (IPTV) services.
  • Voice over Internet Protocol (VoIP) services, and
  • Web-based push-to-talk systems.

Real-Time Transport Protocol

To better understand RTP detection, it is first important to explain Real-time Transport Protocol itself.

RTP is a network communication protocol that helps transport audio, video and media data instantaneously.

As such, it is present in many communication and entertainment systems where a media stream needs to be broadcast live or received by many users at the same time. Notable systems include Skype, FaceTime, WhatsApp, Zoom, Twitch and Microsoft Teams.

The protocol’s primary objective is the smooth and consistent delivery of data, and in the next section, we’ll take a look at how this is accomplished.

Packets and jitter

Packets and jitter are crucial concepts that dictate how well audio and video RTP streams are delivered over a network.

Packets

When Real-time Transport Protocol is used to transmit data, the data is sent in discrete bunches known as packets.

Think of each packet as a piece of data (such as a snippet of audio or video) that also contains other important information such as a timestamp and sequence number.

Packets are sent over the network to their destination, but due to the distributed nature of the internet, some packets:

  • Arrive in the wrong order (out-of-order delivery), or
  • Do not arrive at all (packet loss)

Jitter

Jitter refers to variation in the time it takes for packets to arrive at their destination.

In an ideal network, packets arrive at regular intervals. Often, however, some packets arrive quickly while others are delayed. If packets do not arrive as expected, jitter increases and it becomes more difficult for RTP to transmit a smooth and interrupted stream.

When jitter is pronounced, audio and video may be characterised by sudden pauses, distortion, static, echoes, repetition, pixelation, frozen frames and synchronisation issues.

The importance of RTP detection

Essential to RTP detection are two other protocols that work in conjunction with the Real-time Transport Protocol. These include:

  1. RTP Control Protocol (RTCP) – the RTCP does not transmit data but instead collects data on quality-related aspects of data transmission. For each RTP session, it provides feedback on factors such as packet count, packet loss and packet delay variation.
  2. Secure Real-time Transport Protocol (SRTP) – a security-focused protocol developed by Cisco and Ericsson in 2004. The SRTP is an extension of RTP that provides encryption, message authentication and protection from replay attack – a type of network attack where data transmission is maliciously or fraudulently delayed or repeated.

Here are some of the practical ways the three protocols assist in RTP detection.

Quality of service (QoS)

Quality of service (QoS) pertains to the qualitative measurement of the overall performance of real-time audio and video communication.

As hinted at earlier, the collection of QoS statistics is the domain of RTCP. Depending on the metric in question, the RTCP issues a report so that corrective action can be taken.

RTP Detection: an example QoS monitoring dashboard
An example QoS monitoring dashboard with data on jitter, packet loss and out-of-order delivery (Source: Paessler)

Let’s return to out-of-order delivery, packet loss and jitter with examples of how each is rectified.

Out-of-order delivery

In the case of out-of-order delivery, packets are sent to a buffer where the receiver reorders them according to their respective sequence number.

In this context, the receiver is the device, application or system that receives and processes data packets from the sender.

Packet loss

If a packet is lost and does not arrive, some RTP streams estimate or recreate the lost data based on the surrounding packets.

One technique – known as Packet Loss Concealment (PLC) – employs algorithms to repeat or interpolate data and make the disruption caused by missing packets less noticeable to the user.

Jitter

RTCP uses a specific type of packet known as the Receive Report (RR) packet to measure jitter.

The RR packet contains a field specifically to measure jitter, which is calculated by measuring how much the timing of an audio or visual packet deviates from the expected interval.

Jitter buffers help smooth out variations in packet arrival time by temporarily storing them before they are processed. This ensures that packets are delivered at regular intervals despite network fluctuations.

Adaptive buffers can even adjust their size in response to network conditions. The size of the buffer increases and decreases during periods of high and low jitter respectively.

Network performance management

RTP detection helps system administrators and other security professionals manage the RTP traffic in a network.

Two important tasks help administrators clarify how many VoIP or video sessions have been established and what bandwidth is required to support them based on QoS standards.

These include:

  1. Fast detection of RTP streams, which can sometimes be hard to distinguish from other types of internet traffic, and
  2. Classification of the RTP payload – a core part of the RTP packet that specifies the content type, compression codec, media format and synchronisation timestamps, among other details.

To maintain consistent transmission of data, RTP traffic may also be prioritised over less time-sensitive data to ensure packets are delivered with minimal delay.

Adaptive streaming is also used in contexts where network conditions fluctuate. Here, systems detect when bandwidth is limited and can adjust the bitrate of a stream to ensure the transmission is not interrupted.

Network performance management has obvious benefits for the user experience and customer satisfaction. With the total number of 5G connections predicted to skyrocket to 7.9 billion by 2028, these benefits will become more important as both the volume of data and speed of data transmission increases.

Security

RTP streams can also be vulnerable to various types of attacks such as eavesdropping, spoofing and denial-of-service (DoS) attacks.

RTP detection helps identify suspicious or unauthorized RTP traffic and enables the implementation of security measures such as encryption, intrusion detection and access control.

Security is especially important in environments where sensitive information is transmitted, such as in corporate communications, finance and telemedicine. In these and other VoIP contexts, SRTP encrypts the content of each RTP packet so that even intercepted data cannot be read without a key.

STRP also ensures that the data has not been modified during transmission. To do this, it generates a cryptographic hash for each packet that is checked by the receiver to ensure it is genuine and unmodified.

Summary:

  • RTP detection involves the identification and analysis of RTP (Real-time Transport Protocol) traffic within a network. RTP is used to transmit audio, visual and other media in real-time.
  • The primary objective of RTP is the smooth, consistent, uninterrupted and logical transmission of data to the end user. Out-of-order delivery, packet loss and jitter are three problems that RTP and similar protocols must overcome to achieve this objective.
  • RTP detection involves additional protocols such as Secure Real-time Transport Protocol (SRTP) and RTP Control Protocol (RTCP). The former protects the safety of users, while the latter collects transmission statistics to ensure networks meet Quality of Service (QoS) parameters.

Related articles

Finance glossary

What is a data breach?

A data breach occurs when an unauthorized user gains entry into a system and steals sensitive information like payment records, personal data, …

Read more
Finance glossary

What is an IP Address?

An Internet Protocol (IP) Address is a unique set of numbers that is attached to the internet activity of a certain computer …

Read more

The new security standard for business payments

Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.