Wireshark · Wireshark-users: Re: [Wireshark-users] Why does wireshark not recognize my RTP packets in the correct way?

Wireshark-users: Re: [Wireshark-users] Why does wireshark not recognize my RTP packets in the cor

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Thu, 10 Sep 2009 11:27:41 -0700


On Sep 10, 2009, at 4:08 AM, André Loddenkemper wrote:

The problem is: Wireshark just recognizes those packets as "UDP" andnot as "RTP" as it should be.

By default, Wireshark only recognizes RTP packets if some previouspackets set up an RTP session.

In the protocol preferences for RTP (Edit -> Preferences, and selectRTP under Protocols), there's a "Try to decode RTP outside ofconversations" preference; if you turn it on, the RTP dissector willlook at otherwise-undecoded UDP packets and see whether they lookenough like RTP packets, in its opinion, to treat them as RTP packets.

The heuristic it uses is a bit weak (I'm not sure there are anystronger ones), so it's not on by default, as it might mis-identifytraffic as RTP that's not RTP traffic.

References:
- [Wireshark-users] Why does wireshark not recognize my RTP packets in the correct way?
  - From: André Loddenkemper

Prev by Date: Re: [Wireshark-users] MacOS 10.6 / Wireshark 1.2.1 - No interfaces to capture from is listed..
Next by Date: [Wireshark-users] Installing with libpcap 1.0
Previous by thread: Re: [Wireshark-users] Why does wireshark not recognize my RTP packets in the correct way?
Next by thread: [Wireshark-users] Libgcrypt is not found when trying to install wireshark 1.2.1
Index(es):
- Date
- Thread