Re: RTP, SIP and RTCP

[Alex Lindberg <alindber () yahoo com>]

There may be another explanation.  If your SIP is using TCP port 5061 then you might be using TLS encryption for your 
SIP hence all of the SIP payload will be hidden by the encryption.  If this is true, then the RTP might also be 
encrypted as well.

Alex Lindberg
 
--- On Mon, 12/14/09, Jaap Keuter <jaap.keuter () xs4all nl> wrote:

From: Jaap Keuter <jaap.keuter () xs4all nl>
Subject: Re: [Wireshark-users] RTP, SIP and RTCP
To: "Community support list for Wireshark" <wireshark-users () wireshark org>
Date: Monday, December 14, 2009, 8:58 AM

Hi,

That probably means there's not SDP to work with in your SIP messages.
There's another way to get RTP/RTCP dissection going. Go to the Preferences, 
find RTP and RTCP in the Protocol list and enable the feature "Try to decode RTP 
/RTCP outside of conversation".
That will try to pick up your RTP packets anyway, but may lead to false 
positives, dissecting other packets as RTP as well.

Thanks,
Jaap

hne wrote:
> Thanks for the hint. Unfortunately it didn't work out quit that way. When I use the Decode as feature, it decodes 
> only all packets to / from the involved ports as SIP, but thats all, the only way to have RTP packets to be decoded 
> seems to be to do this RTP recognition for every port beeing used for RTP.
>
> ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
> From: jaap.keuter () xs4all nl
> To: haneugen () yahoo de
> Date: 14:59:03, 12.12.2009
> Subject: Re: [Wireshark-users] RTP, SIP and RTCP
> ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
>
>
>
> > > Hi,
> > >
> > > The trick would be to look for what you think is a SIP packet and then 
> > > use the Decode as feature. Once it sees the SIP/SDP it will find the 
> > > RTP/RTCP too.
> > >
> > > Thanks,
> > > Jaap
> > >
> > > Send from my iPhone
> > >
> > > On 12 dec 2009, at 12:16, "hne" <haneugen () yahoo de> wrote:
> > >
> > > > Hi,
> > > >
> > > > I have a stream of captured RTP, SIP and RTCP packets, is there a 
> > > > way to to have wireshark to recognize them, I mean their content, 
> > > > since it is only able to display the fields of the TCP and UDP 
> > > > headers.
> > > >
> > > > Thanks in advance.
> > > >
> > > > Cheers,
> > > > hne

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe



      
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe