Sorry I should have provided a better info. Anyway I do get a capture and I see only UDP traffic. I am sure the RTP and SIP traffic is within those packets. I thought of a perl script to possibly parse out what I want to see or writing another plugin, that gets to the RTP and then passes it off to the appropriate dissector. In any event, I don't want to reinvent the wheel and I'm sure someone has already jumped this hurdle. I will try your "decode as" suggestion. I think this might let me more easily see what I want although it soudns a little cumbersome.
@Bill
Guy Harris <guy@xxxxxxxxxxxx> wrote:
Bill Fassler wrote:
> I'm working development of a VoIP project which is using openvpn on the
> server side. Debugging is very tricky because I can't see the RTP
> packets.
"Can't see" in what sense?
> Is there any mechanism or plugin for wireshark or ethereal
> that would allow me to see the RTP packets?
If "can't see" means that the packets aren't in the capture, that's
probably an issue with whatever capture mechanism you're using, so it
can't be fixed at the Wireshark level.
If "can't see" means that the packets *are* in the capture but aren't
recognized by Wireshark as RTP packets, then try either
1) try turning the "try to decode RTP outside of conversations"
preference for RTP on (that causes RTP to try to guess what packets are
RTP packets - the problem is that there's no fixed port number used by
RTP, and no reliable signature to identify RTP packets, so it has to
guess, and it might guess wrong)
or
2) use the "Decode As" option to force the RTP packets to be decoded as
such.
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
Need a quick answer? Get one in minutes from people who know. Ask your question on
Yahoo! Answers.
