Wireshark-users: Re: [Wireshark-users] Windows 7 and Wireshark any release
From: Guy Harris <[email protected]>
Date: Tue, 26 Oct 2010 10:17:33 -0700
On Oct 26, 2010, at 6:45 AM, Giel Oberholster (ZA) wrote:

> I am having problems when using Wireshark with Windows 7.  Whenever I sniff a VOIP G.711A call with Wireshark, the packets are not seen by Wireshark as G.711A but as UDP. Even if I decode the UDP to RTP things are not working properly.
> The data side of things ( I can see the packet loss /Jitter etc.)  are working as expected I can however not listen to the call.
> I have tried several releases of Wireshark ( last one I used was 1.40 on Windows 7)
> When I do the exact same sniff with XP and Wireshark 1.40 – no problem.
> Something in Windows 7 is treating the sniffed packets differently.

Something on the machine running Windows 7 is causing the sniffed packets to be treated differently from the way they're being treated on the Windows XP machine.  That could be the operating system, but it could also be, for example, the configuration of Wireshark, or the version of Wireshark installed.

Are you running Wireshark 1.4.0 (which is presumably what you meant by "1.40" - there's no version 1.40 of Wireshark) on both machines, or are you running a different version (for example, a recent build from the trunk) on the Windows 7 machine?

Are the protocol preferences settings for RTP the same on both machines?  In particular, is the "Try to decode RTP outside of conversations" checked on both machines?