I have a pcap file containing RTP over UDP packets Using thark 2.0.2 I can decode this using:
tshark -r capture.pcap -d udp.port==1-65535,rtp -Y ip.src==xxxx -T fields -e rtp.seq
Using 1.0.15 the decode fails, and though data is printed to screen, it is the undecoded UDP
An obvious solution would be to upgrade tshark on the second system, but for various reasons this is problematic...is there any alternative?
asked 25 Oct '16, 01:14
It's probably in the settings, there's one called 'Try to decode RTP outside of conversations" in the ui. You can also set this from the command line.
answered 25 Oct '16, 03:04