In December 2021 I started the following topic:
https://forum.openwrt.org/t/nlbwmon-catching-voip-traffic/115410
At that time I had activated sdp-forwarding, so the RTP data flows from my IP-phone to the VoIP provider and vice-a-versa. Nlbwmon registered this traffic as "other traffic".
Now I've changed this configuration and deactivated sdp-forwarding. The following picture shows the VoIP data flow:
192.168.52.19 is the WAN IP of my OpenWRT router (22.03.02), 195.185.37.60 the IP of my VoIP provider.
nlbwmon gives the following statistics (172.19.50.1=router, 172.19.50.40=IP-phone):
Fam Host ( MAC ) Layer7 Conn. > Downld. ( > Pkts. ) Upload ( Pkts. )
IPv4 172.19.10.130 (bd:e7:10) HTTP-TCP 2810 6383985 B ( 10385 ) 2912742 B ( 11913 )
IPv4 172.19.50.1 (c6:0a:50) YSIP-5060 1674 5497778 B ( 12005 ) 8223071 B ( 68921 )
IPv4 172.19.10.130 (bd:e7:10) HTTPS-TCP 2608 2331470 B ( 1542 ) 442423 B ( 4993 )
IPv4 172.19.50.40 (dd:cb:94) HTTP-TCP 486 977242 B ( 2409 ) 235469 B ( 2794 )
IPv4 172.19.10.130 (bd:e7:10) DNS-UDP 34 1064 B ( 8 ) 576 B ( 8 )
IPv4 172.19.10.130 (bd:e7:10) NTP-UDP 7 152 B ( 2 ) 152 B ( 2 )
Before the 5-minutes call the YSIP-5060 traffic was:
IPv4 172.19.50.1 (c6:0a:50) YSIP-5060 1666 5452705 B ( 11909 ) 8158243 B ( 68403 )
The difference is 5497778 - 5452705 = 45073 Bytes. So this difference definitely contains no RTP data. I have expected the RTP data would show up as "other traffic". But there is no "other traffic".
Here is the output of grep -vE 'port=(53|22|123|8853)' /proc/net/nf_conntrack:
ipv4 2 udp 17 178 src=172.19.50.40 dst=172.19.50.1 sport=4060 dport=5060 packets=0 bytes=0 src=172.19.50.1 dst=172.19.50.40 sport=5060 dport=4060 packets=0 bytes=0 [ASSURED] mark=0 zone=0 use=2
ipv4 2 udp 17 298 src=172.19.50.1 dst=195.185.37.60 sport=5060 dport=5060 packets=9 bytes=270 src=195.185.37.60 dst=192.168.52.19 sport=5060 dport=5060 packets=0 bytes=0 [ASSURED] mark=0 zone=0 use=2
Can anybody explain this behaviour?