1 | initial version |
RTP is notoriously difficult to identify correctly among UDP netnet traffic. Therefore Wireshark relies on a few different methods to do so. First it uses the signalling protocols (e.g. SIP/SDP, H.323/H.245, etc) to learn the addresses and ports of the RTP endpoints. Another way it to depend on the user to use "Decode as..." to map the RTP dissector to a stream. As a last resort (off by default) Wireshark can have the "rtp_udp" heuristic dissection option enabled (see the enabled protocols dialog), which tries to identify, using the limited fields available, RTP packets.
What's happening here I don't know, if you can share an actual capture file (via some file sharing service) there might be more to tell.