Wireshark mailing list archives
Re: Why does wireshark decode my RTP data as "RTP Events"?
From: Nan Xiao <xiaonan830818 () gmail com>
Date: Thu, 30 Sep 2021 08:59:09 +0800
Hi Sake, Yes, it actually worked after disabling the rtpevent protocol. Thanks very much for your time and help! Best Regards Nan Xiao On Thu, Sep 30, 2021 at 5:24 AM Sake Blok | SYN-bit <sake.blok () syn-bit nl> wrote:
Hi Nan Xiao, Payload type 101 is dynamic, which means it can be any codec, but it has to be defined during the signalling phase of the call. However, it is often used for DTMF codes, that's why the rtpevent dissector registers itself on RTP payload type 101. You can overrule that setting by going into the RTP event protocol preferences and choose another value or you can disable the rtpevent protocol altogether (temporarily). Please note however, that without the call setup, wireshark will not know which codec is used for payload type 101 and can only display the RTP header, but not play back the audio. Cheers, Met vriendelijke groet, Sake Blok Relational therapist for computer systems +31 (0)6 2181 4696 sake.blok () SYN-bit nl SYN-bit Deep Traffic Analysis http://www.SYN-bit.nlOn 29 Sep 2021 (Wed), at 11:18, Nan Xiao <xiaonan830818 () gmail com>wrote:Hi Community, Greetings from me! I have a RTP pcap file, and after decoding it as "RTP" protocol, itdisplays as "RTP Events". I guess there should be some values which hint wireshark to decode it as "RTP Events", but I can't figure it out. Anyone can give some clues? Thanks very much in advance!P.S., The pacp file and screenshot on my wireshark are attached. Best Regards Nan Xiao<rtp.pcap><Screenshot.png>___________________________________________________________________________Sent via: Wireshark-users mailing list <wireshark-users () wireshark org Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org ?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Why does wireshark decode my RTP data as "RTP Events"? Nan Xiao (Sep 29)
- Re: Why does wireshark decode my RTP data as "RTP Events"? Sake Blok | SYN-bit (Sep 29)
- Re: Why does wireshark decode my RTP data as "RTP Events"? Nan Xiao (Sep 29)
- Re: Why does wireshark decode my RTP data as "RTP Events"? Sake Blok | SYN-bit (Sep 29)