This is our old Q&A Site. Please post any new questions and answers at

I have a pcap file containing RTP over UDP packets Using thark 2.0.2 I can decode this using:

tshark -r capture.pcap -d udp.port==1-65535,rtp -Y ip.src==xxxx -T fields -e rtp.seq

Using 1.0.15 the decode fails, and though data is printed to screen, it is the undecoded UDP

An obvious solution would be to upgrade tshark on the second system, but for various reasons this is there any alternative?

asked 25 Oct '16, 01:14

dbrb2's gravatar image

accept rate: 0%

It's probably in the settings, there's one called 'Try to decode RTP outside of conversations" in the ui. You can also set this from the command line.

permanent link

answered 25 Oct '16, 03:04

Jaap's gravatar image

Jaap ♦
accept rate: 14%

from one of your own answers it is this i guess "-o rtp.heuristic_rtp:TRUE"

(25 Oct '16, 03:06) koundi

Unfortunately this fails on some streams with older wireshark.

I will try to use a newer release...

(25 Oct '16, 03:39) dbrb2
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 25 Oct '16, 01:14

question was seen: 1,874 times

last updated: 25 Oct '16, 05:05

p​o​w​e​r​e​d by O​S​Q​A