Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] Why does wireshark decode my RTP data as "RTP Events"?

Date Prev · Date Next · Thread Prev · Thread Next
From: Nan Xiao <xiaonan830818@xxxxxxxxx>
Date: Thu, 30 Sep 2021 08:59:09 +0800
Hi Sake,

Yes, it actually worked after disabling the rtpevent protocol. Thanks very much for your time and help!
Best Regards
Nan Xiao


On Thu, Sep 30, 2021 at 5:24 AM Sake Blok | SYN-bit <sake.blok@xxxxxxxxxx> wrote:
Hi Nan Xiao,

Payload type 101 is dynamic, which means it can be any codec, but it has to be defined during the signalling phase of the call. However, it is often used for DTMF codes, that's why the rtpevent dissector registers itself on RTP payload type 101. You can overrule that setting by going into the RTP event protocol preferences and choose another value or you can disable the rtpevent protocol altogether (temporarily). Please note however, that without the call setup, wireshark will not know which codec is used for payload type 101 and can only display the RTP header, but not play back the audio.

Cheers,
Met vriendelijke groet,


Sake Blok
Relational therapist for computer systems

+31 (0)6 2181 4696
sake.blok@xxxxxxxxxx

SYN-bit
Deep Traffic Analysis
http://www.SYN-bit.nl

> On 29 Sep 2021 (Wed), at 11:18, Nan Xiao <xiaonan830818@xxxxxxxxx> wrote:
>
> Hi Community,
>
> Greetings from me!
>
> I have a RTP pcap file, and after decoding it as "RTP" protocol, it displays as "RTP Events". I guess there should be some values which hint wireshark to decode it as "RTP Events", but I can't figure it out. Anyone can give some clues? Thanks very much in advance!
>
> P.S., The pacp file and screenshot on my wireshark are attached.
> Best Regards
> Nan Xiao
> <rtp.pcap><Screenshot.png>___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    https://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe