This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Criteria for decoding UDP to RTP

0

Hello,

I'm writing a VoIP application and trying to verify correct RTP behavior with Wireshark. Unfortunately, Wireshark sees my packets as UDP only, it does not recognize them as RTP packets. What criteria does Wireshark use to determine RTP packets? Thanks.

asked 13 Feb '11, 10:15

cbwest's gravatar image

cbwest
1111
accept rate: 0%


3 Answers:

1

Open the preferences, scroll down in the list of protocols, select RTP, check "Try to decode RTP outside of conversations".

answered 13 Feb '11, 11:22

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

0

Wireshark needs to see the signaling (SIP, MGCP, H.248, etc) associated with the VoIP call in order to determine which UDP packets are RTP. The signaling packets contain Session Description Protocol data, which tells the endpoints which IPs/ports to send RTP to. Wireshark in turn uses this SDP info to decode UDP packets matching those IP/port pairs as RTP.

It sounds like you either the signaling is not in the PCAP file or your signaling is being sent on a non-standard port. You can use the preferences setting in Jaap's answer to get around the former, or you can select a signaling packet and set a user specific decode via right-click -> Decode As -> Transport -> Both for the latter.

answered 14 Feb '11, 11:08

grossman's gravatar image

grossman
16114
accept rate: 0%

0

Please note that:

  1. Wireshark doesn't need signaling, but can use signaling to tag UDP packet flows as possible RTP packet flows.
  2. Session Description Protocol (SDP) is just one of the possible signaling protocols to describe the media session. This is usually related to SIP and MGCP. Another media description protocols is H.245 f.i.
  3. Wireshark use the hint derived from the media description protocol to try to dissect the UDP packets as RTP. RTP is hard to heuristically discriminate from other UDP payloads, therefore the media description protocol dissection is helpful, while the RTP dissector preference helps out in other cases.

answered 14 Feb '11, 14:36

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%