We filtered original pcap file with display filter rtpevent and write results to separate pcap file as below,
tshark -r TestRTPSIP.pcap -Y "rtpevent" -w rtpevent.pcap
result file rtpevent.pcap have packets but displaying as udp, cant see rtpevent information.
Go to Analyse | Enabled Protocols.
In the dialog that pops up fill in 'RTP' as search item.
Under the RTP item look for rtp_udp, and make sure that's checked.
Click OK to close the dialog and compare the results.
Thanks for response. By enabling this check box, I can see rtp packets, but not rtpevents in wireshark. I need option for tshark.
Another solution is to save the SDP packets in the new file too, as they contain the mapping of the dynamic payload type for the rtpevent packets (which tell the user-agents which payload type is used for rtpevent pdus, this is also how Wireshark knows to dissect these udp packets as rtpevent).
So, you could use tshark -r TestRTPSIP.pcap -Y "sdp or rtpevent" -w rtpevent.pcap and see if that solves the issue for you too.
It solves our problem, but we need only rtp and rtpevents as filter to reduce file size by excluding sip/sdp. Anyhow, if no option is there to save only rtp/rtpevents, then saving new file with sdp is only solution which we using currently. Thanks!
--enable-heuristic and using port numbers converting to RTP packets , but cant see rtpEvent info.Can you please help if any solution for show RTPEvents(DTMF data)?
Are the rtpevent packets shown as UDP in the info column, or maybe as some other protocol. In my case they were show as DIS protocol and I needed to disable the DIS dissector. So, without your specific packets it is really hard (to impossible) to help you out (see the email address in my profile if you are able to share the pcap file)
Asked: 2024-01-04 15:44:30 +0000
Seen: 169 times
Last updated: Jan 04
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
