Wireshark-users: Re: [Wireshark-users] Why does wireshark not recognize my RTP packets in the cor
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 10 Sep 2009 11:27:41 -0700
On Sep 10, 2009, at 4:08 AM, André Loddenkemper wrote:

> The problem is: Wireshark just recognizes those packets as "UDP" and not as "RTP" as it should be.

By default, Wireshark only recognizes RTP packets if some previous
packets set up an RTP session.

In the protocol preferences for RTP (Edit -> Preferences, and select
RTP under Protocols), there's a "Try to decode RTP outside of
conversations" preference; if you turn it on, the RTP dissector will
look at otherwise-undecoded UDP packets and see whether they look
enough like RTP packets, in its opinion, to treat them as RTP packets.

The heuristic it uses is a bit weak (I'm not sure there are any
stronger ones), so it's not on by default, as it might mis-identify
traffic as RTP that's not RTP traffic.
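
Added example (not part of the original message and not Wireshark's dissector code): a single-packet plausibility check on the RFC 3550 fixed header, which accepts an unrelated datagram that happens to start with 0x80, next to a multi-packet check an analyst can use to confirm a flow decoded as RTP. The function names, the `MAX_SEQ_GAP` value and both sample flows are constructed for this illustration.

```python
import struct

RTP_VERSION = 2
FIXED_HEADER_LEN = 12   # RFC 3550 fixed header
MAX_SEQ_GAP = 16        # assumed tolerance for lost packets (hypothetical value)

def looks_like_rtp(payload: bytes) -> bool:
    """Single-packet plausibility check on RFC 3550 header fields."""
    if len(payload) < FIXED_HEADER_LEN or payload[0] >> 6 != RTP_VERSION:
        return False
    b0 = payload[0]
    offset = FIXED_HEADER_LEN + 4 * (b0 & 0x0F)       # skip CSRC list
    if b0 & 0x10:                                      # extension header present
        if len(payload) < offset + 4:
            return False
        (ext_words,) = struct.unpack_from("!H", payload, offset + 2)
        offset += 4 + 4 * ext_words
    if offset > len(payload):
        return False
    if b0 & 0x20:                                      # padding: last octet is the count
        pad = payload[-1]
        if pad == 0 or pad > len(payload) - offset:
            return False
    return True

def flow_looks_like_rtp(payloads, min_packets=4) -> bool:
    """Multi-packet check: one SSRC and steadily advancing sequence numbers."""
    if len(payloads) < min_packets or not all(looks_like_rtp(p) for p in payloads):
        return False
    fields = [struct.unpack_from("!HII", p, 2) for p in payloads]  # seq, ts, ssrc
    if len({ssrc for _, _, ssrc in fields}) != 1:
        return False
    gaps = [(b[0] - a[0]) & 0xFFFF for a, b in zip(fields, fields[1:])]
    return all(0 < g <= MAX_SEQ_GAP for g in gaps)

def build_rtp(seq, timestamp, ssrc, payload_type=0, body=bytes(160)):
    return struct.pack("!BBHII", 0x80, payload_type, seq & 0xFFFF, timestamp, ssrc) + body

# Constructed samples: an RTP-shaped stream (sequence wraps 65535 -> 0) and
# an unrelated datagram format whose first byte happens to be 0x80.
RTP_FLOW = [build_rtp(65534 + i, 160 * i, 0x1234ABCD) for i in range(4)]
NON_RTP_FLOW = [bytes([0x80, i]) + b"status=ok;load=0.42" for i in range(4)]

if __name__ == "__main__":
    for name, flow in (("rtp", RTP_FLOW), ("non-rtp", NON_RTP_FLOW)):
        print(name, [looks_like_rtp(p) for p in flow], flow_looks_like_rtp(flow))
```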