From RFC 5764:
+----------------+
| 127 < B < 192 -+--> forward to RTP
| |
packet --> | 19 < B < 64 -+--> forward to DTLS
| |
| B < 2 -+--> forward to STUN
+----------------+
Where B is the first byte of the packet. So for DTLS packet identification we do the following after casting the data to unsigned char*,
if(packet[0] > 19 && packet[0] < 64)
This works only for RTP, DTLS and STUN packets. But fails for UDP, TCP etc. If I send a UDP packet which has the first Byte between 20 and 63 then the above condition considers it as a DTLS packet. From google's source code DTLS packet identification is done like this,
static bool IsDtlsPacket(const char* data, size_t len) {
const uint8* u = reinterpret_cast<const uint8*>(data);
return (len >= 13 && (u[0] > 19 && u[0] < 64));
}
But this doesn't identify DTLS packets properly as well. In wireshark I can see that it can correctly distinguish DTLS packets from UDP/TCP packets. How do I do it?