How does Wireshark understand if a UDP packet has to be considered an RTP packet? For instance, when I select "Try to decode RTP outside of conversations" [Edit -> Preferences -> RTP -> Try to decode RTP outside of conversations], only a few UDP packets turn into RTP packets. What information [i.e. payload, version etc.] does Wireshark check in UDP packets?

asked 17 Jan '14, 02:54 lte007
One Answer:
Check the code in packet-rtp.c, function dissect_rtp_heur_common(). In general there isn't a good signature for RTP packets, so any heuristic will be weak. If you have the control signaling setting up the RTP flow in your trace, Wireshark should be able to determine which packets are RTP, or if this feature is missing for the control signaling dissector used in your trace, it could be added.

answered 17 Jan '14, 03:38 Anders ♦
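An added example, not part of the original answer and not Wireshark's code: a minimal structural check built only from the RTP header layout in RFC 3550, to show why any such heuristic is weak. The function name `looks_like_rtp` and the sample packets are constructed for illustration; the tests Wireshark actually applies are the ones in `dissect_rtp_heur_common()`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not from packet-rtp.c): returns 1 when a UDP payload
 * is structurally consistent with the RTP header of RFC 3550, else 0. */
int looks_like_rtp(const uint8_t *p, size_t len)
{
    if (len < 12) return 0;                      /* fixed header is 12 bytes */
    if ((p[0] >> 6) != 2) return 0;              /* version field must be 2 */
    unsigned pt = p[1] & 0x7F;
    if (pt >= 72 && pt <= 76) return 0;          /* RTCP types 200-204 under the PT mask */
    size_t hdr = 12 + 4 * (size_t)(p[0] & 0x0F); /* skip the CSRC list */
    if (hdr > len) return 0;
    if (p[0] & 0x10) {                           /* X bit: header extension follows */
        if (hdr + 4 > len) return 0;
        hdr += 4 + 4 * (((size_t)p[hdr + 2] << 8) | p[hdr + 3]);
        if (hdr > len) return 0;
    }
    if (p[0] & 0x20) {                           /* P bit: last byte is the pad count */
        size_t pad = p[len - 1];
        if (pad == 0 || pad > len - hdr) return 0;
    }
    return 1;
}

/* Constructed samples, not taken from a real capture. */
const uint8_t rtp_pcmu[] = { 0x80, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0xA0,
                             0x12, 0x34, 0x56, 0x78, 0xFF, 0xFF, 0xFF, 0xFF };
const uint8_t rtcp_sr[]  = { 0x80, 0xC8, 0x00, 0x06, 0x12, 0x34, 0x56, 0x78,
                             0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
                             0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
/* DNS query for example.com whose transaction ID happens to be 0x8012. */
const uint8_t dns_query[] = { 0x80, 0x12, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00,
                              0x00, 0x00, 0x00, 0x00, 7, 'e', 'x', 'a', 'm', 'p',
                              'l', 'e', 3, 'c', 'o', 'm', 0, 0x00, 0x01, 0x00, 0x01 };

int main(void)
{
    printf("rtp=%d rtcp=%d dns=%d\n",
           looks_like_rtp(rtp_pcmu, sizeof rtp_pcmu),
           looks_like_rtp(rtcp_sr, sizeof rtcp_sr),
           looks_like_rtp(dns_query, sizeof dns_query));
    return 0;
}
```

The constructed DNS query passes every check because its first two bytes happen to look like an RTP header, which is the kind of false positive a header-only heuristic cannot rule out without the control signaling.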