Revision history

initial version

RTP is notoriously difficult to identify correctly among UDP network traffic. Therefore Wireshark relies on a few different methods to do so. First it uses the signalling protocols (e.g. SIP/SDP, H.323/H.245, etc.) to learn the addresses and ports of the RTP endpoints. Another way is to depend on the user to use "Decode as..." to map the RTP dissector to a stream. As a last resort (off by default) Wireshark can have the "rtp_udp" heuristic dissection option enabled (see the enabled protocols dialog), which tries to identify, using the limited fields available, RTP packets.

What's happening here I don't know; if you can share an actual capture file (via some file sharing service) there might be more to tell.
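A heuristic of the kind the answer describes, as an added example that is not part of the original answer and is not Wireshark's own rtp_udp logic: it applies the RFC 3550 header sanity checks to each UDP payload and then requires consecutive sequence numbers on one SSRC, because a single packet whose version bits happen to be 2 proves very little. The function names, flow keys and sample payloads are constructed for illustration.

```python
import struct

def parse_rtp(payload):
    """Return (ssrc, payload_type, seq) if the bytes pass per-packet RTP checks, else None."""
    if len(payload) < 12:                      # fixed RTP header is 12 bytes
        return None
    b0, b1, seq, _ts, ssrc = struct.unpack("!BBHII", payload[:12])
    if b0 >> 6 != 2 or 200 <= b1 <= 204:       # version must be 2; 200..204 are RTCP packet types
        return None
    offset = 12 + 4 * (b0 & 0x0F)              # skip the CSRC list (CC field)
    if b0 & 0x10:                              # X bit: a header extension follows
        if len(payload) < offset + 4:
            return None
        offset += 4 + 4 * struct.unpack("!H", payload[offset + 2:offset + 4])[0]
    if offset > len(payload):                  # header claims more bytes than the datagram has
        return None
    if b0 & 0x20 and not 0 < payload[-1] <= len(payload) - offset:
        return None                            # P bit: padding count must fit in the payload
    return (ssrc, b1 & 0x7F, seq)

def likely_rtp_flows(packets, min_run=3):
    """packets: iterable of (flow_key, udp_payload). A flow qualifies after min_run
    consecutive packets with the same SSRC and payload type and seq increasing by 1."""
    state, hits = {}, set()                    # flow -> (ssrc, pt, last_seq, run)
    for flow, payload in packets:
        hdr = parse_rtp(payload)
        if hdr is None:
            state.pop(flow, None)              # a non-RTP packet resets the flow
            continue
        ssrc, pt, seq = hdr
        prev = state.get(flow)
        in_order = prev is not None and prev[:2] == (ssrc, pt) and seq == (prev[2] + 1) & 0xFFFF
        run = prev[3] + 1 if in_order else 1
        state[flow] = (ssrc, pt, seq, run)
        if run >= min_run:
            hits.add(flow)
    return hits

# Constructed sample input: one voice-like flow (sequence wraps 65535 -> 0), one stray
# datagram that merely starts with 0x80, and one DNS-like payload.
def make_rtp(seq, ssrc=0x1234ABCD, pt=0):
    return struct.pack("!BBHII", 0x80, pt, seq, 160 * seq, ssrc) + bytes(160)

SAMPLE = [("flow-a", make_rtp((65534 + i) & 0xFFFF)) for i in range(4)]
SAMPLE += [("flow-b", b"\x80\x01" + bytes(20)), ("flow-c", b"\x12\x34\x01\x00" + bytes(28))]

if __name__ == "__main__":
    print(likely_rtp_flows(SAMPLE))
```

The stray datagram in `flow-b` passes the per-packet checks but never reaches the run threshold, which is the false-positive case that makes single-packet heuristics unreliable.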