Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: RTP, SIP and RTCP

From: Martin Visser <martinvisser99 () gmail com>
Date: Wed, 16 Dec 2009 10:00:49 +1100
If you want to post a sample of the capture to the list , it might help us
understand what is different about your network traffic.
Regards, Martin

MartinVisser99 () gmail com


On Wed, Dec 16, 2009 at 12:43 AM, hne <haneugen () yahoo de> wrote:


This has not been the case.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
From: alindber () yahoo com
To: haneugen () yahoo de
Date: 20:36:03, 12.14.2009
Subject: Re: [Wireshark-users] RTP, SIP and RTCP
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~




There may be another explanation. If your SIP is using TCP port 5061 then

you might be using TLS encryption for your SIP hence all of the SIP payload
will be hidden by the encryption. If this is true, then the RTP might also
be encrypted as well.


Alex Lindberg

--- On Mon, 12/14/09, Jaap Keuter <jaap.keuter () xs4all nl> wrote:

From: Jaap Keuter <jaap.keuter () xs4all nl>
Subject: Re: [Wireshark-users] RTP, SIP and RTCP
To: "Community support list for Wireshark" <

wireshark-users () wireshark org>

Date: Monday, December 14, 2009, 8:58 AM

Hi,

That probably means there's not SDP to work with in your SIP messages.
There's another way to get RTP/RTCP dissection going. Go to the

Preferences,

find RTP and RTCP in the Protocol list and enable the feature "Try to

decode RTP

/RTCP outside of conversation".
That will try to pick up your RTP packets anyway, but may lead to false
positives, dissecting other packets as RTP as well.

Thanks,
Jaap

hne wrote:

Thanks for the hint. Unfortunately it didn't work out quit that way.

When I use the Decode as feature, it decodes only all packets to / from the
involved ports as SIP, but thats all, the only way to have RTP packets to be
decoded seems to be to do this RTP recognition for every port beeing used
for RTP.


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
From: jaap.keuter () xs4all nl
To: haneugen () yahoo de
Date: 14:59:03, 12.12.2009
Subject: Re: [Wireshark-users] RTP, SIP and RTCP
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~




Hi,

The trick would be to look for what you think is a SIP packet and

then

use the Decode as feature. Once it sees the SIP/SDP it will find the
RTP/RTCP too.

Thanks,
Jaap

Send from my iPhone

On 12 dec 2009, at 12:16, "hne" <haneugen () yahoo de> wrote:


Hi,

I have a stream of captured RTP, SIP and RTCP packets, is there a
way to to have wireshark to recognize them, I mean their content,
since it is only able to display the fields of the TCP and UDP
headers.

Thanks in advance.

Cheers,
hne




___________________________________________________________________________

Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request () wireshark org?subject=unsubscribe






___________________________________________________________________________

Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request () wireshark org?subject=unsubscribe



___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org
?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: