Hi Nan Xiao,
Payload type 101 is dynamic, which means it can be any codec, but it has to be defined during the signalling phase of the call. However, it is often used for DTMF codes, that's why the rtpevent dissector registers itself on RTP payload type 101. You can overrule that setting by going into the RTP event protocol preferences and choose another value or you can disable the rtpevent protocol altogether (temporarily). Please note however, that without the call setup, wireshark will not know which codec is used for payload type 101 and can only display the RTP header, but not play back the audio.
Cheers,
Met vriendelijke groet,
Sake Blok
Relational therapist for computer systems
+31 (0)6 2181 4696
sake.blok@xxxxxxxxxx
SYN-bit
Deep Traffic Analysis
http://www.SYN-bit.nl
> On 29 Sep 2021 (Wed), at 11:18, Nan Xiao <xiaonan830818@xxxxxxxxx> wrote:
>
> Hi Community,
>
> Greetings from me!
>
> I have a RTP pcap file, and after decoding it as "RTP" protocol, it displays as "RTP Events". I guess there should be some values which hint wireshark to decode it as "RTP Events", but I can't figure it out. Anyone can give some clues? Thanks very much in advance!
>
> P.S., The pacp file and screenshot on my wireshark are attached.
> Best Regards
> Nan Xiao
> <rtp.pcap><Screenshot.png>___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives: https://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
