This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I have two captured files, taken in different scenario. One of them - when I perform : "Decode as" to the UDP packets it shows unknown packet type 3. I suppose this may be the SRTP packet stream. But in another capture, all SIP packets are encrypted and "Try to dissect RTP packets from decode outside conversation" gives the RTP packets with dynamic payload type 108, SSRC and time. My understanding is if wireshark can dissect RTP packets and see its heading, it should be unencrypted RTP packets.Can anybody please suggest me if I am wrong ? Or is there any possibility that even if wireshark can show the RTP headings, this RTP packet still can be encrypted ??

asked 30 May '15, 08:12

Shas's gravatar image

Shas
19910
accept rate: 0%

can you provide the capture file? It's hard to follow your description without it.

(30 May '15, 08:42) Kurt Knochner ♦

this is the capture file, which i assume is not encrypted. https://www.cloudshark.org/captures/3d0876f70a45

(30 May '15, 09:01) Shas

Actually you cannot differentiate between srtp and rtp packets as they have the exact same headers.So even if the packet is encrypted the header is not. so you will still see them as rtp packets in wireshark!

(11 Jun '15, 04:46) koundi
Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×238
×34
×9

question asked: 30 May '15, 08:12

question was seen: 7,508 times

last updated: 11 Jun '15, 04:46

p​o​w​e​r​e​d by O​S​Q​A