I have two captured files, taken in different scenarios. In one of them, when I perform "Decode as" on the UDP packets, it shows unknown packet type 3. I suppose this may be the SRTP packet stream. But in another capture, all SIP packets are encrypted and "Try to dissect RTP packets from decode outside conversation" gives the RTP packets with dynamic payload type 108, SSRC and time. My understanding is that if Wireshark can dissect RTP packets and see their headings, they should be unencrypted RTP packets. Can anybody please tell me if I am wrong? Or is there any possibility that even if Wireshark can show the RTP headings, these RTP packets can still be encrypted?

asked 30 May '15, 08:12 Shas
Can you provide the capture file? It's hard to follow your description without it.
This is the capture file, which I assume is not encrypted. https://www.cloudshark.org/captures/3d0876f70a45
Actually you cannot differentiate between SRTP and RTP packets, as they have the exact same headers. So even if the packet is encrypted, the header is not, so you will still see them as RTP packets in Wireshark!
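
The point made in the answer above, as an added example that is not part of the original thread: a parser for the 12-byte RTP fixed header (RFC 3550) run over a constructed cleartext packet and over the same packet with its payload scrambled and a 10-byte tag appended, the way SRTP (RFC 3711) leaves the header in the clear. The helper names, the sample field values other than payload type 108, and the XOR stand-in for real SRTP encryption are assumptions made for illustration.

```python
import struct

def parse_rtp_header(packet: bytes) -> dict:
    """Parse the RTP header (RFC 3550). SRTP keeps this part unencrypted."""
    if len(packet) < 12:
        raise ValueError("shorter than the 12-byte RTP fixed header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", packet[:12])
    version = b0 >> 6
    if version != 2:
        raise ValueError(f"RTP version {version}, expected 2")
    cc = b0 & 0x0F                      # number of CSRC identifiers
    offset = 12 + 4 * cc
    if len(packet) < offset:
        raise ValueError("truncated CSRC list")
    csrc = list(struct.unpack(f"!{cc}I", packet[12:offset]))
    if b0 & 0x10:                       # X bit: header extension follows
        if len(packet) < offset + 4:
            raise ValueError("truncated extension header")
        _profile, ext_words = struct.unpack("!HH", packet[offset:offset + 4])
        offset += 4 + 4 * ext_words
        if len(packet) < offset:
            raise ValueError("truncated extension body")
    return {"version": version, "padding": bool(b0 & 0x20),
            "marker": bool(b1 & 0x80), "payload_type": b1 & 0x7F,
            "sequence": seq, "timestamp": ts, "ssrc": ssrc,
            "csrc": csrc, "header_len": offset}

def build_rtp(payload_type: int, seq: int, ts: int, ssrc: int, payload: bytes) -> bytes:
    """Build a minimal RTP packet: version 2, no padding, extension or CSRC."""
    return struct.pack("!BBHII", 0x80, payload_type & 0x7F, seq, ts, ssrc) + payload

def protect_like_srtp(packet: bytes) -> bytes:
    """Stand-in for SRTP: scramble only the payload and append a 10-byte tag.
    XOR is NOT the real SRTP cipher; it only models 'payload opaque, header clear'."""
    hdr_len = parse_rtp_header(packet)["header_len"]
    scrambled = bytes(b ^ 0xA5 for b in packet[hdr_len:])
    return packet[:hdr_len] + scrambled + b"\x00" * 10

def compare():
    # Constructed sample values; only payload type 108 comes from the question.
    clear = build_rtp(108, 4711, 160000, 0x1234ABCD, b"constructed media payload")
    protected = protect_like_srtp(clear)
    return parse_rtp_header(clear), parse_rtp_header(protected), clear, protected

if __name__ == "__main__":
    h_clear, h_prot, clear, protected = compare()
    print("headers identical:", h_clear == h_prot)
    print("payload identical:", clear[12:] == protected[12:len(clear)])
```

Both packets yield the same payload type, sequence number, timestamp and SSRC, which is why a successful RTP dissection says nothing about whether the payload is encrypted.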