Wireshark-users: Re: [Wireshark-users] Windows 7 and Wireshark any release
From: Jaap Keuter <[email protected]>
Date: Tue, 26 Oct 2010 21:22:56 +0200
On 10/26/2010 07:17 PM, Guy Harris wrote:
On Oct 26, 2010, at 6:45 AM, Giel Oberholster (ZA) wrote:

I am having problems when using Wireshark with Windows 7.  Whenever I sniff a VOIP G.711A call with Wireshark, the packets are not seen by Wireshark as G.711A but as UDP. Even if I decode the UDP to RTP things are not working properly.
The data side of things ( I can see the packet loss /Jitter etc.)  are working as expected I can however not listen to the call.
I have tried several releases of Wireshark ( last one I used was 1.40 on Windows 7)
When I do the exact same sniff with XP and Wireshark 1.40 – no problem.
Something in Windows 7 is treating the sniffed packets differently.
Something on the machine running Windows 7 is causing the sniffed packets to be treated differently from the way they're being treated on the Windows XP machine.  That could be the operating system, but it could also be, for example, the configuration of Wireshark, or the version of Wireshark installed.

Are you running Wireshark 1.4.0 (which is presumably what you meant by "1.40" - there's no version 1.40 of Wireshark) on both machines, or are you running a different version (for example, a recent build from the trunk) on the Windows 7 machine?

Are the protocol preferences settings for RTP the same on both machines?  In particular, is the "Try to decode RTP outside of conversations" checked on both machines?

That last tip usually does it. Also, upgrade to Wireshark 1.4.1, it has some important VoIP related fixes for you.