I recently installed the latest version of Wireshark (version 2.0.0). I am having a difficult time decoding voice traffic. In the older version I could modify my protocol preferences for RTP using these steps.
"Decode RTP outside of conversations" enabled (in Edit->Preferences->Protocols->RTP).
In the new version this is not an option. Some forum talked about going through each packet and right clicking on it and selecting decode as. This is very cumbersome. Isn't there a way to universally set this preference?
asked 01 Dec '15, 13:13
edited 04 Dec '15, 01:15
There are two ways to get UDP packets to be dissected as RTP if Wireshark doesn't see a session set up as UDP and automatically dissect them as UDP:
The first of those is what is done with "Decode As".
The second of those is what used to be done with the "Decode RTP outside of conversations" and is now done with the "Enabled Protocols" dialog - enable the "RTP over UDP" dissector (which, arguably somewhat confusingly, only controls whether the heuristic dissector is enabled).
So there isn't a "Decode RTP outside of conversations" option, but there is a setting that does the same thing, it's now in the "Enabled Protocols" dialog.
(The heuristic dissector is disabled by default, because it's a very weak heuristic (a better heuristic might not be possible) and thus would identify a lot of non-RTP traffic as RTP.)
answered 01 Dec '15, 18:12
Guy Harris ♦♦