Wireshark-users: Re: [Wireshark-users] Microsoft OCS

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 1 Oct 2008 15:55:59 -0700

On Oct 1, 2008, at 3:31 PM, Mike Louis wrote:

I am working with Microsoft OCS

Microsoft Office Communications Server? (Not everybody here's familiar with all of Microsoft's initialisms.)

RTP streams and I noticed that I could not report on the UDP streams using RTP until I did a decode as “rtp”.

At least according to the Wikipedia page for Microsoft Office Communications Server, it uses SIP for signaling, so *IF* your network capture includes the SIP traffic, it should be able to recognize the traffic.

If your capture *doesn't* include the SIP traffic, the only way Wireshark can recognize RTP traffic without human help is by looking at the packets and guessing that they're RTP. The code we have to do that doesn't check a lot of fields in the packet, so it probably runs a significant risk of identifying non-RTP traffic as RTP. We therefore made that not the default; if you want Wireshark to be able to automatically recognize RTP traffic even if you *didn't* capture the signaling traffic that set the RTP stream up, you'll need to go to the Edit -> Preferences dialog, select the "RTP" preferences under "Protocols", and set the "Try to decode RTP outside of conversations" option.