  • Wireshark and RTP in flow

    More a Wireshark question rather than Shoretel, but figure someone here would know... Running Wireshark 3.0.0. When looking at a capture using Telephone>VoIP calls, I find the call and confirm it is complete. Then I open up flow sequence, and I do not see the RTP in the flow, nor can I decode the audio (yes, G.711). However, on a server also using 3.0.0 I do see the RTP and audio on the exact same pcap. I went through and compared the settings and everything looks the same, including under protocols>RTP. I have uninstalled, deleted files, removed the registry entry and reinstalled, and still have the same issue. Any ideas would be appreciated.

  • #2
    I believe for Wireshark to automatically decode the UDP packets the SIP invite must be present in the capture. Otherwise you will need to manually right-click one of the packets and select to decode it as RTP. This will try to decode all UDP packets of the given port as RTP. This should be done for both streams, inbound and outbound. You can also look at the SIP SDP to determine the stream ports and find that traffic to decode.


    • #3
      Thanks for the response... Yeah, I always make sure I have the complete call beginning (including SDP and SIP invite). Like I said, I opened the exact same file on the customer server and it displays the RTP in the flow.
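
Reply #2's suggestion to read the stream ports out of the SIP SDP, sketched in Python as an added example that is not part of the original thread. The SDP body and packet bytes are constructed samples, and the function names are hypothetical; the string returned by `decode_as` is the selector format taken by tshark's `-d` option.

```python
import struct

# Constructed sample SDP body (as carried in a SIP INVITE / 200 OK), not from a real call.
SAMPLE_SDP = (
    "v=0\r\n"
    "o=- 3759 1 IN IP4 192.0.2.10\r\n"
    "s=call\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 16384 RTP/AVP 0 8 101\r\n"
    "a=rtpmap:0 PCMU/8000\r\n"
    "a=rtpmap:101 telephone-event/8000\r\n"
    "m=video 0 RTP/AVP 96\r\n"          # port 0: stream declined
)

def sdp_media_endpoints(sdp):
    """Return one dict per active RTP media line: media, ip, port, payload types."""
    session_ip, media = None, []
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("c="):
            ip = line.split()[-1].split("/")[0]      # drop multicast TTL suffix
            if media:
                media[-1]["ip"] = ip                 # media-level c= overrides session-level
            else:
                session_ip = ip
        elif line.startswith("m="):
            kind, port, proto, *fmts = line[2:].split()
            media.append({"media": kind, "ip": session_ip,
                          "port": int(port.split("/")[0]), "proto": proto,
                          "pts": [int(f) for f in fmts if f.isdigit()]})
    return [m for m in media if m["port"] != 0 and m["proto"].startswith("RTP/")]

def looks_like_rtp(payload, expected_pts):
    """Heuristic: 12-byte header present, RTP version 2, payload type offered in the SDP."""
    if len(payload) < 12:
        return False
    return (payload[0] >> 6) == 2 and (payload[1] & 0x7F) in expected_pts

def decode_as(endpoint):
    """Selector string for tshark's -d option (Decode As) for this stream's port."""
    return "udp.port==%d,rtp" % endpoint["port"]

if __name__ == "__main__":
    ep = sdp_media_endpoints(SAMPLE_SDP)[0]
    # Constructed packets: G.711 PCMU RTP (PT 0) and an RTCP sender report (PT byte 200).
    rtp = struct.pack("!BBHII", 0x80, 0, 1, 160, 0x1234) + b"\xff" * 160
    rtcp = struct.pack("!BBHII", 0x80, 200, 6, 0, 0x1234)
    print(ep, decode_as(ep), looks_like_rtp(rtp, ep["pts"]), looks_like_rtp(rtcp, ep["pts"]))
```

Run it against the SDP of both the offer and the answer, since each direction of the call has its own port.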