 | 1 | initial version |
Simply put, you are forcing Wireshark to look at these UDP packets (which are datagrams) to interpret their payload as RTP. The RTP dissector looks at these payloads and despite the little heuristics it can do, it sees that the version number field in the RTP interpretation of the UDP payload is '1', which is an unsupported number. There are no known sources that send RTP version 1 traffic, only version 2. So that begs the question, is this really RTP transport?
You talk about fragmentation. On the level of UDP and RTP there is no concept of fragmentation. Perhaps on the layer below that (IP), or in the RTP payload, but that's unknown at this point.
