Ethereal-users: [Ethereal-users] Specifying a range or filter for "decode as"

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: "Sean Walberg" <sean@xxxxxxxx>
Date: Wed, 3 May 2006 15:42:42 -0500
I'm using Ethereal to analyze RTP streams sent between Avaya PBXes.  Upon viewing the capture file, it is not recognized as RTP which is understandable.  I'm able to right click and assign RTP to the port and get my analysis that way, but dealing with a million packets or so takes an absurd amount of time to do since Ethereal reprocesses all the packets every time I set up one session, and there are many sessions to do.

The signalling protocol is proprietary, so Ethereal doesn't have the chance to figure out that the packets are supposed to be RTP by looking at the signalling.  I'm able to filter enough that everything on my screen I see should be RTP, but is there a more efficient way of telling Ethereal to decode everything as RTP, or to provide a range of UDP ports to decode as RTP?

Thanks,

Sean

--
Sean Walberg <sean@xxxxxxxx>     http://ertw.com/