Many of you would have noticed that at times when you open a packet capture containing RTP from voice calls than there are many RTP packets which are appearing as UDP, Wireshark was not able to detect the UDP payload as RTP
If you right click on any such packet and select ‘decode as’ RTP than wireshark correctly detects packets as RTP streams, however if you have like 100 undetected streams in a capture than it becomes a headache to manually do this step for every stream
The reason some streams get detected while some go undetected is because wireshark is by default setup to only detect RTP streams which were part of a ‘conversation’ i.e. a call-setup
So if you have the SIP setup messages for a call than its RTP packets will be also detected but if there were already some active calls for which you only mange to capture the RTP packets than such RTP streams won’t be detected
However, the great thing is that you can change this behavior
Go to Edit > Preferences > Protocols > RTP and select the check-box next to ‘Try to decode RTP outside of conversations’
Now, no matter what, all the RTP streams will be detected
Related posts:
- Record VoIP Calls 1st of all please be clear, this post is not...
- Packet data not available when call is active Nokia Far last many days I faced the error of packet...
- Decode and Play G729 on Windows Decode and Play G729 on Windows Wireshark has a very...
- Bypass Blocked VoIP If you live in one of those unfortunate countries where...
- How can I use VoIP ? You can use VoIP to make phone calls using...
no comment untill now