Thursday 11 July 2024

Wireshark setting to interpret UDP as RTP automatically

 Before I forget again, a Wireshark setting that can help saving time by trying to interpret any UDP as RTP, if possible:


Analyze --> Enabled Protocols... --> Search for RTP and enable at least 'rtp_udp'


Without that change, when SIP signalling is not present (or it's encrypted) Wireshark would not understand automatically that UDP packets may be RTP.

This is particularly true for example for WebRTC calls, where signalling happens elsewhere and is not available to Wireshark.

This will also save the reader some time if you're used to right click and 'Decode As...' to achieve the same.


Wireshark setting to interpret UDP as RTP automatically

 Before I forget again, a Wireshark setting that can help saving time by trying to interpret any UDP as RTP, if possible: Analyze --> Ena...