Wireshark-users: Re: [Wireshark-users] openvpn and packet sniffing



From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 05 Dec 2006 12:33:19 -0800

Bill Fassler wrote:
> Sorry, I should have provided better info. Anyway, I do get a capture and I see only UDP traffic. I am sure the RTP and SIP traffic is within those packets.

I.e., this is "the packets *are* in the capture but aren't recognized by Wireshark as RTP packets" case.

> I thought of a perl script to possibly parse out what I want to see or writing another plugin, that gets to the RTP and then passes it off to the appropriate dissector.

All such a plugin would do is detect RTP traffic and cause it to be dissected as RTP; the way to do *that* is to have the RTP dissector do that - which is what the "try turning the 'try to decode RTP outside of conversations' preference for RTP on" suggestion was for. If a plugin could do a better job of detecting RTP traffic than the current RTP dissector's heuristic, it shouldn't be done as a plugin dissector, it should be done as a change to the RTP dissector. (If the heuristics are strong enough - i.e., they won't identify a lot of non-RTP traffic as being RTP - they could be turned on by default.)

> In any event, I don't want to reinvent the wheel and I'm sure someone has already jumped this hurdle. I will try your "decode as" suggestion. I think this might let me more easily see what I want although it sounds a little cumbersome.

Why not try the other suggestion?
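
The point about heuristic strength, as an added example that is not part of the original message and is not Wireshark's RTP dissector code: it compares a version-bits-only check with stricter checks built on the RFC 3550 header layout. The function names (`rtp_weak`, `rtp_strict`, `rtp_pair`) are hypothetical and the sample payloads are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Weak check: only the 2-bit version field. Any payload whose first byte is
   0x80-0xBF passes, i.e. a quarter of all possible first bytes. */
bool rtp_weak(const uint8_t *p, size_t len) {
    return len >= 12 && (p[0] >> 6) == 2;
}

/* Stricter per-packet check: the whole header must be self-consistent. */
bool rtp_strict(const uint8_t *p, size_t len) {
    if (!rtp_weak(p, len)) return false;
    uint8_t pt = p[1] & 0x7f;
    if (pt >= 72 && pt <= 76) return false;      /* reserved to avoid RTCP types 200-204 */
    size_t hdr = 12 + 4 * (size_t)(p[0] & 0x0f); /* fixed header + CSRC list */
    if (p[0] & 0x10) {                           /* X bit: extension header follows */
        if (len < hdr + 4) return false;
        hdr += 4 + 4 * (((size_t)p[hdr + 2] << 8) | p[hdr + 3]);
    }
    if (len < hdr) return false;
    if (p[0] & 0x20) {                           /* P bit: last byte is the pad count */
        size_t pad = p[len - 1];
        if (pad == 0 || pad > len - hdr) return false;
    }
    return true;
}

/* Stream check on two consecutive payloads of one UDP flow: same SSRC and
   sequence number advancing by one (mod 2^16). */
bool rtp_pair(const uint8_t *a, size_t alen, const uint8_t *b, size_t blen) {
    if (!rtp_strict(a, alen) || !rtp_strict(b, blen)) return false;
    uint16_t sa = (uint16_t)((a[2] << 8) | a[3]), sb = (uint16_t)((b[2] << 8) | b[3]);
    return memcmp(a + 8, b + 8, 4) == 0 && (uint16_t)(sa + 1) == sb;
}

/* Constructed samples: two PCMU (PT 0) packets and one non-RTP payload. */
const uint8_t RTP1[] = {0x80,0x00,0xff,0xff, 0,0,0,160, 0xde,0xad,0xbe,0xef, 1,2,3,4};
const uint8_t RTP2[] = {0x80,0x00,0x00,0x00, 0,0,1,64,  0xde,0xad,0xbe,0xef, 5,6,7,8};
const uint8_t JUNK[] = {0xbf,0x12,0x34,0x56, 9,9,9,9, 9,9,9,9, 9,9,9,9};

int main(void) {
    printf("weak:   rtp=%d junk=%d\n", rtp_weak(RTP1, sizeof RTP1), rtp_weak(JUNK, sizeof JUNK));
    printf("strict: rtp=%d junk=%d\n", rtp_strict(RTP1, sizeof RTP1), rtp_strict(JUNK, sizeof JUNK));
    return 0;
}
```

The constructed non-RTP payload passes the weak check but fails the strict one because its claimed CSRC list and extension header would run past the end of the datagram.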
