Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] Why does wireshark not recognize my RTP packets in the cor

From: "George Peaslee" <gpeaslee@xxxxxxxxxxx>
Date: Thu, 10 Sep 2009 06:16:21 -0500
If you right click on one of the packets and select decode as, then select RTP, does it fix the problem? If so, go to edit preferences - protocols - RTP and check all three boxes.


From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of André Loddenkemper
Sent: Thursday, September 10, 2009 6:08 AM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Why does wireshark not recognize my RTP packets in the correct way?

Hello,

at work I have programmed my own RTP stack to send data (wrapped in RTP packets) through the network to another pc, where it can be recieved by a voip application.

For testing purposes I am sending the RTP data to my own computer and watching the traffic with wireshark, where I can see all the RTP packets I sent. The problem is: Wireshark just recognizes those packets as "UDP" and not as "RTP" as it should be. My first guess was, I did something wrong in the RTP header. I checked it and everything there is OK, I think.
And on top of that: If I select such and UDP packet, right-click and decode it manually as a RTP packet, everything is fine. Now, with "decode as RTP", Wireshark does recognize all my packets in the correct way. Every field of the RTP header is correct. I compared it bit by bit with RTP packets from Ekiga, it is exactly the same.

I now have spent several days, re-coding and testing.
So my question is: How is that possible? Any Ideas? Why does wireshark not recognize my RTP packets in the correct way?

Greetings,
andre.